Report #10687 check_circle

  • Creation Date: June 24, 2020, 2:19 p.m.
  • Last Update: June 24, 2020, 2:23 p.m.
  • File: ((GPI) S.A.R.L. ).exe
  • Results:
Binary
DLL
False cancel
Size
463.00KB
trid
55.8% Generic CIL Executable
21.0% Win64 Executable
9.9% Windows screen saver
5.0% Win32 Dynamic Link Library
3.4% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
c057297bc680423ed185ef62be52abdd
sha1
4ae41f4cc12720be8df41e468f74b07b749a319e
crc32
0x9ae94a87
sha224
3d3bd1c5d914f6ef6b11f6e459c50e85ce3501d251526b269f566452
sha256
2475e4e1c6848b17d812d4f60b249401719f596f6bcd271f236f39ef5f0dbbe5
sha384
ee02bad3311afb78cc9dbd93e8f889504aa78796c10b4d427d08a23a1f550e4edbbf9b13a0f4a9223c5c7a925d45578d
sha512
3688b94524fff1b8dab1d2330d2392b5f272d3390632f5c8b3823ebf2fc3225049c1dc41c7c177507deb62b677819481a2ee73f3c2e1d58977eb0fbd3992d393
ssdeep
12288:sQbUK4EZmHd2eSY+dZSlK67nHNqjkPU0R8as:BwKNkHd2e+roHNb80O
Community
Google
False cancel
HashLib
False cancel
YARA
Matches


Suspicious
False cancel

Strings
List


Foremost
Matches
0.exe, 463 KB, 162.png, 574 B, 163.png, 511 B, 164.png, 756 B, 166.png, 756 B, 168.png, 361 B, 169.png, 361 B, 170.png, 694 B, 172.png, 694 B, 173.png, 693 B, 175.png, 565 B, 177.png, 565 B, 178.png, 648 B, 180.png, 648 B, 181.png, 499 B, 182.png, 653 B, 184.png, 653 B, 186.png, 804 B, 187.png, 516 B, 202.png, 359 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed
hasFiles: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2048
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 48.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 479474
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed
hasLibs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: False cancel
Value: 0
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 196

pushpopmath
.text: 123

ss register
.text: 3

garbagebytes
.text: 76

hookdetection
.text: 5

software breakpoint
.text: 8

fakeconditionaljumps
.text: 7

programcontrolflowchange
.text: 69

cpuinstructionsresultscomparison
.text: 9

AVclass
nanobot
1
VirusTotal
md5
c057297bc680423ed185ef62be52abdd
sha1
4ae41f4cc12720be8df41e468f74b07b749a319e
SCANS (DETECTION RATE = 77.78%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200605
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=85)
update: 20200605
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200604
version: 6.32
detected: True check_circle

Bkav
update: 20200605
version: 1.3.0.9899
detected: False cancel

K7GW
result: Trojan ( 0056702b1 )
update: 20200605
version: 11.113.34326
detected: True check_circle

ALYac
result: Trojan.GenericKD.33864729
update: 20200605
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:PWSX-gen [Trj]
update: 20200605
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/AD.AgentTesla.xbdsz
update: 20200605
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/MSIL_Kryptik.ASY.gen!Eldorado
update: 20200605
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.Siggen9.47097
update: 20200605
version: 7.0.46.3050
detected: True check_circle

GData
result: Trojan.GenericKD.33864729
update: 20200605
version: A:25.25839B:27.18986
detected: True check_circle

Panda
result: Trj/GdSda.A
update: 20200605
version: 4.6.4.2
detected: True check_circle

VBA32
result: TScope.Trojan.MSIL
update: 20200605
version: 4.4.1
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200605
version: 84252
detected: True check_circle

Zoner
result: Trojan.Win32.89711
update: 20200605
version: 0.0.0.0
detected: True check_circle

ClamAV
update: 20200605
version: 0.102.3.0
detected: False cancel

Comodo
result: Malware@#2ex58pyutacv1
update: 20200605
version: 32509
detected: True check_circle

F-Prot
result: W32/MSIL_Kryptik.ASY.gen!Eldorado
update: 20200605
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan.Inject
update: 20200605
version: 0.1.5.2
detected: True check_circle

McAfee
result: Fareit-FTN!C057297BC680
update: 20200605
version: 6.0.6.653
detected: True check_circle

Rising
result: Backdoor.NanoBot!8.28C (KTSE)
update: 20200605
version: 25.0.0.25
detected: True check_circle

Sophos
result: Troj/Bbindi-CD
update: 20200605
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Igent.bTLH4d.32
update: 20200604
version: 5.5.2.24
detected: True check_circle

Zillya
result: Backdoor.NanoBot.Win32.6
update: 20200605
version: 2.0.0.4104
detected: True check_circle

Acronis
update: 20200603
version: 1.1.1.76
detected: False cancel

Alibaba
result: TrojanSpy:MSIL/AgentTesla.bf49c5a0
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D204BC19
update: 20200605
version: 1.0.0.875
detected: True check_circle

Cylance
result: Unsafe
update: 20200605
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20200530
version: 4.0.4
detected: True check_circle

FireEye
result: Trojan.GenericKD.33864729
update: 20200605
version: 32.31.0.0
detected: True check_circle

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True check_circle

TACHYON
update: 20200605
version: 2020-06-05.02
detected: False cancel

Tencent
result: Win32.Trojan.Inject.Auto
update: 20200605
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Trojan.Win32.Z.Agent.474112.BKI
update: 20200605
version: 2014.3.20.0
detected: True check_circle

Webroot
result: W32.Malware.Gen
update: 20200605
version: 1.0.0.403
detected: True check_circle

eGambit
update: 20200605
detected: False cancel

Ad-Aware
result: Trojan.GenericKD.33864729
update: 20200605
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.MSIL.NanoBot.m!c
update: 20200605
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.33864729 (B)
update: 20200605
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/AD.AgentTesla.xbdsz
update: 20200605
version: 12.0.86.52
detected: True check_circle

Fortinet
result: MSIL/Autorun.ABDD!tr
update: 20200605
version: 6.2.142.0
detected: True check_circle

Invincea
update: 20200502
version: 6.3.6.26157
detected: False cancel

Jiangmin
update: 20200605
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200605
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200605
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen.MBT
update: 20200605
version: 1.11.0.0
detected: True check_circle

Trapmine
update: 20200505
version: 3.2.25.947
detected: False cancel

AhnLab-V3
result: Malware/Win32.RL_Generic.C4100885
update: 20200605
version: 3.17.6.27456
detected: True check_circle

Antiy-AVL
result: Trojan[Backdoor]/MSIL.NanoBot
update: 20200605
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Backdoor.MSIL.NanoBot.gen
update: 20200605
version: 15.0.1.13
detected: True check_circle

Microsoft
result: TrojanSpy:MSIL/AgentTesla.AP!MTB
update: 20200605
version: 1.1.17100.2
detected: True check_circle

Qihoo-360
result: Generic/Backdoor.BO.5c9
update: 20200605
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Backdoor.MSIL.NanoBot.gen
update: 20200605
version: 1.0
detected: True check_circle

Cybereason
update: 20190616
version: 1.2.449
detected: False cancel

ESET-NOD32
result: MSIL/Autorun.Spy.Agent.DF
update: 20200605
version: 21447
detected: True check_circle

TrendMicro
result: TrojanSpy.MSIL.NEGEASTEAL.SMTNX
update: 20200605
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.GenericKD.33864729
update: 20200605
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 0056702b1 )
update: 20200605
version: 11.113.34327
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20200601
version: 4.3.0.105
detected: True check_circle

Avast-Mobile
update: 20200605
version: 200605-00
detected: False cancel

Malwarebytes
result: Spyware.AgentTesla
update: 20200605
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200601
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Backdoor.MSIL
update: 20200605
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Autorun.hkivms
update: 20200605
version: 1.0.134.25112
detected: True check_circle

BitDefenderTheta
update: 20200603
version: 7.2.37796.0
detected: False cancel

MicroWorld-eScan
result: Trojan.GenericKD.33864729
update: 20200605
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200530
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.gc
update: 20200605
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.F0D1C00EJ20
update: 20200605
version: 10.0.0.1040
detected: True check_circle

total
72
sha256
2475e4e1c6848b17d812d4f60b249401719f596f6bcd271f236f39ef5f0dbbe5
scan_id
2475e4e1c6848b17d812d4f60b249401719f596f6bcd271f236f39ef5f0dbbe5-1591388605
resource
c057297bc680423ed185ef62be52abdd
positives
56
scan_date
2020-06-05 20:23:25
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
24/6/2020 - 13:45:43.543Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 13:45:43.543Open1480C:\malware.exeC:\
24/6/2020 - 13:45:43.543Unknown1480C:\malware.exeC:\
24/6/2020 - 13:45:43.543Open1480C:\malware.exeC:\Windows
24/6/2020 - 13:45:43.543Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 13:45:43.543Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:45:43.543Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:45:45.762Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 13:45:45.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:45.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:45.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:45.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:45.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:45.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:45.809Open1480C:\malware.exeC:\malware.exe.config
24/6/2020 - 13:45:45.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
24/6/2020 - 13:45:45.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
24/6/2020 - 13:45:45.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
24/6/2020 - 13:45:45.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
24/6/2020 - 13:45:45.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 13:45:45.825Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 13:45:45.825Unknown1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:45:45.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 13:45:45.825Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.825Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 13:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:46.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.356Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:45:47.403Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:45:47.450Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:45:47.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:47.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 13:45:48.153Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\
24/6/2020 - 13:45:48.153Unknown1480C:\malware.exeC:\
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\Monitor
24/6/2020 - 13:45:48.153Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\Monitor\Malware
24/6/2020 - 13:45:48.153Unknown1480C:\malware.exeC:\Monitor\Malware
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 13:45:48.153Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 13:45:48.153Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 13:45:48.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 13:45:48.200Open1480C:\malware.exeC:\malware.config
24/6/2020 - 13:45:48.200Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 13:45:48.200Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 13:45:48.200Open1480C:\malware.exeC:\Monitor\Malware
24/6/2020 - 13:45:48.200Unknown1480C:\malware.exeC:\Monitor\Malware
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:48.200Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
24/6/2020 - 13:45:48.200Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 13:45:48.200Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 13:45:48.200Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 13:45:48.200Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 13:45:48.215Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 13:45:48.215Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 13:45:48.215Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:45:48.215Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:45:48.215Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:45:48.215Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
24/6/2020 - 13:45:48.215Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
24/6/2020 - 13:45:48.215Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 13:45:48.215Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:48.215Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 13:45:48.215Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:48.215Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:48.215Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:48.215Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:48.215Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:45:48.215Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 13:45:48.231Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:48.231Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 13:45:48.231Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:48.231Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.231Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.231Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:48.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:49.700Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:45:49.934Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:45:49.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:50.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:50.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:50.590Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:45:50.684Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:45:50.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:50.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:50.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:50.965Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:45:51.59Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:45:51.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:51.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:51.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:51.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:51.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:51.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:51.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:52.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:52.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:52.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:52.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:52.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:52.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:52.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:52.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:52.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:52.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:53.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:53.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:53.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:53.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:53.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
24/6/2020 - 13:45:53.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
24/6/2020 - 13:45:53.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 13:45:53.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 13:45:53.403Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 13:45:53.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 13:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:53.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:53.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:53.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:53.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:53.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:53.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:53.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:54.28Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 13:45:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:54.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:54.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:54.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:55.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:55.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:55.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:55.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:55.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:55.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:55.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:55.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:55.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:55.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:55.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:56.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:45:56.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:45:56.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:45:56.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:45:56.793Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
24/6/2020 - 13:45:56.793Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 13:45:56.793Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 13:45:56.793Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 13:45:56.793Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 13:45:56.793Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\ShFolder.DLL
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 13:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 13:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 13:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 13:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
24/6/2020 - 13:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
24/6/2020 - 13:45:56.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
24/6/2020 - 13:45:56.840Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
24/6/2020 - 13:45:56.856Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
24/6/2020 - 13:45:56.856Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
24/6/2020 - 13:45:56.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
24/6/2020 - 13:45:56.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
24/6/2020 - 13:45:56.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
24/6/2020 - 13:45:56.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
24/6/2020 - 13:45:56.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
24/6/2020 - 13:45:56.872Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
24/6/2020 - 13:45:56.981Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
24/6/2020 - 13:45:56.981Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
24/6/2020 - 13:45:56.981Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
24/6/2020 - 13:45:56.981Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
24/6/2020 - 13:45:57.75Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
24/6/2020 - 13:45:57.75Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
24/6/2020 - 13:45:57.75Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
24/6/2020 - 13:45:57.75Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
24/6/2020 - 13:45:57.168Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
24/6/2020 - 13:45:57.168Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
24/6/2020 - 13:45:57.168Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
24/6/2020 - 13:45:57.168Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
24/6/2020 - 13:45:57.309Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
24/6/2020 - 13:45:57.309Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
24/6/2020 - 13:45:57.309Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
24/6/2020 - 13:45:57.309Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
24/6/2020 - 13:45:57.450Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
24/6/2020 - 13:45:57.497Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
24/6/2020 - 13:45:57.497Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
24/6/2020 - 13:45:57.497Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
24/6/2020 - 13:45:57.590Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
24/6/2020 - 13:45:57.637Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
24/6/2020 - 13:45:57.637Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
24/6/2020 - 13:45:57.637Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
24/6/2020 - 13:45:57.731Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
24/6/2020 - 13:45:57.731Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
24/6/2020 - 13:45:57.731Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
24/6/2020 - 13:45:57.731Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
24/6/2020 - 13:45:57.825Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
24/6/2020 - 13:45:57.825Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
24/6/2020 - 13:45:57.825Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
24/6/2020 - 13:45:57.825Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
24/6/2020 - 13:45:58.387Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
24/6/2020 - 13:45:58.809Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
24/6/2020 - 13:45:58.856Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
24/6/2020 - 13:45:58.903Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
24/6/2020 - 13:45:58.903Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
24/6/2020 - 13:45:58.903Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
24/6/2020 - 13:45:58.903Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
24/6/2020 - 13:45:58.997Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
24/6/2020 - 13:45:58.997Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
24/6/2020 - 13:45:58.997Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
24/6/2020 - 13:45:58.997Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
24/6/2020 - 13:45:59.137Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
24/6/2020 - 13:45:59.137Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
24/6/2020 - 13:45:59.137Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
24/6/2020 - 13:45:59.137Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
24/6/2020 - 13:45:59.231Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
24/6/2020 - 13:45:59.231Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
24/6/2020 - 13:45:59.231Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
24/6/2020 - 13:45:59.231Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
24/6/2020 - 13:45:59.325Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
24/6/2020 - 13:45:59.372Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
24/6/2020 - 13:45:59.372Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
24/6/2020 - 13:45:59.372Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
24/6/2020 - 13:45:59.465Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
24/6/2020 - 13:45:59.512Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
24/6/2020 - 13:45:59.512Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
24/6/2020 - 13:45:59.512Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
24/6/2020 - 13:45:59.606Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
24/6/2020 - 13:45:59.606Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
24/6/2020 - 13:45:59.606Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
24/6/2020 - 13:45:59.606Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
24/6/2020 - 13:45:59.700Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
24/6/2020 - 13:45:59.700Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
24/6/2020 - 13:45:59.700Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
24/6/2020 - 13:45:59.700Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
24/6/2020 - 13:45:59.793Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
24/6/2020 - 13:45:59.840Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
24/6/2020 - 13:45:59.840Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
24/6/2020 - 13:45:59.840Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
24/6/2020 - 13:45:59.934Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
24/6/2020 - 13:45:59.981Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
24/6/2020 - 13:45:59.981Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
24/6/2020 - 13:45:59.981Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
24/6/2020 - 13:46:0.75Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
24/6/2020 - 13:46:0.75Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
24/6/2020 - 13:46:0.75Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
24/6/2020 - 13:46:0.75Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
24/6/2020 - 13:46:0.168Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
24/6/2020 - 13:46:0.168Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
24/6/2020 - 13:46:0.168Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
24/6/2020 - 13:46:0.168Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
24/6/2020 - 13:46:0.262Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
24/6/2020 - 13:46:0.262Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
24/6/2020 - 13:46:0.262Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
24/6/2020 - 13:46:0.262Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
24/6/2020 - 13:46:0.356Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
24/6/2020 - 13:46:0.356Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
24/6/2020 - 13:46:0.356Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
24/6/2020 - 13:46:0.356Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
24/6/2020 - 13:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
24/6/2020 - 13:46:0.497Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
24/6/2020 - 13:46:0.497Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
24/6/2020 - 13:46:0.497Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
24/6/2020 - 13:46:0.778Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
24/6/2020 - 13:46:0.918Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
24/6/2020 - 13:46:0.918Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
24/6/2020 - 13:46:0.918Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
24/6/2020 - 13:46:1.200Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
24/6/2020 - 13:46:1.340Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
24/6/2020 - 13:46:1.340Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
24/6/2020 - 13:46:1.340Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
24/6/2020 - 13:46:1.481Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
24/6/2020 - 13:46:1.528Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
24/6/2020 - 13:46:1.528Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
24/6/2020 - 13:46:1.528Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
24/6/2020 - 13:46:1.622Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
24/6/2020 - 13:46:1.668Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
24/6/2020 - 13:46:1.668Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
24/6/2020 - 13:46:1.668Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
24/6/2020 - 13:46:2.356Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
24/6/2020 - 13:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
24/6/2020 - 13:46:3.434Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
24/6/2020 - 13:46:3.856Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
24/6/2020 - 13:46:4.231Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
24/6/2020 - 13:46:4.231Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
24/6/2020 - 13:46:4.231Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
24/6/2020 - 13:46:4.887Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
24/6/2020 - 13:46:5.590Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
24/6/2020 - 13:46:5.965Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
24/6/2020 - 13:46:6.387Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
24/6/2020 - 13:46:6.809Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
24/6/2020 - 13:46:6.809Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
24/6/2020 - 13:46:6.809Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
24/6/2020 - 13:46:6.981Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
24/6/2020 - 13:46:7.28Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
24/6/2020 - 13:46:7.28Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
24/6/2020 - 13:46:7.28Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
24/6/2020 - 13:46:7.356Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
24/6/2020 - 13:46:7.684Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
24/6/2020 - 13:46:7.684Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
24/6/2020 - 13:46:7.684Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
24/6/2020 - 13:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
24/6/2020 - 13:46:8.293Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
24/6/2020 - 13:46:8.293Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
24/6/2020 - 13:46:8.293Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
24/6/2020 - 13:46:8.668Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
24/6/2020 - 13:46:9.43Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
24/6/2020 - 13:46:9.43Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
24/6/2020 - 13:46:9.43Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
24/6/2020 - 13:46:9.418Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
24/6/2020 - 13:46:9.747Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
24/6/2020 - 13:46:9.793Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
24/6/2020 - 13:46:9.793Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
24/6/2020 - 13:46:10.309Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
24/6/2020 - 13:46:10.684Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
24/6/2020 - 13:46:10.684Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
24/6/2020 - 13:46:10.684Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
24/6/2020 - 13:46:10.684Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
24/6/2020 - 13:46:10.684Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
24/6/2020 - 13:46:11.200Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
24/6/2020 - 13:46:11.622Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
24/6/2020 - 13:46:11.622Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
24/6/2020 - 13:46:11.668Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
24/6/2020 - 13:46:11.668Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
24/6/2020 - 13:46:11.668Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
24/6/2020 - 13:46:11.809Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
24/6/2020 - 13:46:11.903Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
24/6/2020 - 13:46:11.903Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
24/6/2020 - 13:46:11.903Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
24/6/2020 - 13:46:12.325Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
24/6/2020 - 13:46:12.653Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
24/6/2020 - 13:46:12.793Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
24/6/2020 - 13:46:12.887Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
24/6/2020 - 13:46:12.887Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
24/6/2020 - 13:46:12.887Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
24/6/2020 - 13:46:13.262Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
24/6/2020 - 13:46:13.590Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
24/6/2020 - 13:46:13.684Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
24/6/2020 - 13:46:13.731Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
24/6/2020 - 13:46:13.731Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
24/6/2020 - 13:46:13.825Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
24/6/2020 - 13:46:13.825Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
24/6/2020 - 13:46:13.825Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
24/6/2020 - 13:46:13.825Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
24/6/2020 - 13:46:13.918Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
24/6/2020 - 13:46:13.918Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
24/6/2020 - 13:46:13.918Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
24/6/2020 - 13:46:13.918Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
24/6/2020 - 13:46:14.12Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
24/6/2020 - 13:46:14.12Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
24/6/2020 - 13:46:14.12Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
24/6/2020 - 13:46:14.12Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
24/6/2020 - 13:46:14.153Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
24/6/2020 - 13:46:14.247Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
24/6/2020 - 13:46:14.247Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
24/6/2020 - 13:46:14.247Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
24/6/2020 - 13:46:14.387Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
24/6/2020 - 13:46:14.434Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
24/6/2020 - 13:46:14.434Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
24/6/2020 - 13:46:14.434Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
24/6/2020 - 13:46:14.575Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
24/6/2020 - 13:46:14.575Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
24/6/2020 - 13:46:14.575Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
24/6/2020 - 13:46:14.575Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
24/6/2020 - 13:46:14.668Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
24/6/2020 - 13:46:14.668Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
24/6/2020 - 13:46:14.668Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
24/6/2020 - 13:46:14.668Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
24/6/2020 - 13:46:14.762Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
24/6/2020 - 13:46:14.762Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
24/6/2020 - 13:46:14.762Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
24/6/2020 - 13:46:14.762Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
24/6/2020 - 13:46:14.856Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
24/6/2020 - 13:46:14.856Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
24/6/2020 - 13:46:14.856Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
24/6/2020 - 13:46:14.856Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
24/6/2020 - 13:46:14.997Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
24/6/2020 - 13:46:15.184Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
24/6/2020 - 13:46:15.184Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
24/6/2020 - 13:46:15.184Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
24/6/2020 - 13:46:15.325Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
24/6/2020 - 13:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 13:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 13:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 13:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 13:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
24/6/2020 - 13:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
24/6/2020 - 13:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
24/6/2020 - 13:46:15.512Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
24/6/2020 - 13:46:15.512Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
24/6/2020 - 13:46:15.512Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
24/6/2020 - 13:46:15.512Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
24/6/2020 - 13:46:15.559Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
24/6/2020 - 13:46:15.559Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
24/6/2020 - 13:46:15.559Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
24/6/2020 - 13:46:15.559Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
24/6/2020 - 13:46:15.700Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 13:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 13:46:15.934Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 13:46:15.981Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 13:46:15.981Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 13:46:15.981Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 13:46:16.122Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 13:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 13:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 13:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 13:46:16.309Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 13:46:16.403Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 13:46:16.403Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 13:46:16.403Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 13:46:16.403Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 13:46:16.731Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 13:46:16.918Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 13:46:16.918Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 13:46:16.918Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 13:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 13:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 13:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 13:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 13:46:17.106Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 13:46:17.106Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 13:46:17.106Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 13:46:17.106Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 13:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 13:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 13:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 13:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 13:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 13:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 13:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 13:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 13:46:17.340Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 13:46:17.434Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 13:46:17.434Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 13:46:17.434Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 13:46:17.481Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 13:46:17.481Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 13:46:17.481Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 13:46:17.481Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 13:46:17.622Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 13:46:17.715Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 13:46:17.715Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 13:46:17.715Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 13:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 13:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 13:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 13:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 13:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 13:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 13:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 13:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 13:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 13:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 13:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 13:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 13:46:18.90Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 13:46:18.90Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 13:46:18.90Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 13:46:18.90Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 13:46:18.184Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 13:46:18.184Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 13:46:18.184Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 13:46:18.184Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 13:46:18.325Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 13:46:18.325Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 13:46:18.325Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 13:46:18.325Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 13:46:18.465Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 13:46:18.465Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 13:46:18.465Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 13:46:18.465Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 13:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 13:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 13:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 13:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 13:46:18.559Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 13:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 13:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 13:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 13:46:18.747Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 13:46:18.747Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 13:46:18.747Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 13:46:18.747Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 13:46:18.840Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 13:46:18.840Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 13:46:18.840Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 13:46:18.840Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 13:46:18.934Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 13:46:18.934Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 13:46:18.934Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 13:46:18.934Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 13:46:19.28Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 13:46:19.28Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 13:46:19.28Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 13:46:19.28Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 13:46:19.122Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 13:46:19.122Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 13:46:19.122Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 13:46:19.122Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 13:46:19.215Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 13:46:19.215Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 13:46:19.215Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 13:46:19.215Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 13:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 13:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 13:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 13:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 13:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 13:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 13:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 13:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 13:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 13:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 13:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 13:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 13:46:19.590Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 13:46:19.590Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 13:46:19.590Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 13:46:19.590Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 13:46:19.684Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 13:46:19.684Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 13:46:19.684Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 13:46:19.684Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 13:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 13:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 13:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 13:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 13:46:19.918Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 13:46:19.965Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 13:46:19.965Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 13:46:19.965Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 13:46:20.106Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 13:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 13:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 13:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 13:46:20.247Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 13:46:20.247Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 13:46:20.247Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 13:46:20.247Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 13:46:20.340Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 13:46:20.340Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 13:46:20.340Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 13:46:20.340Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 13:46:20.434Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 13:46:20.434Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 13:46:20.434Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 13:46:20.434Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 13:46:20.528Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 13:46:20.528Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 13:46:20.528Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 13:46:20.528Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 13:46:20.622Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 13:46:20.622Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 13:46:20.622Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 13:46:20.622Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 13:46:20.715Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 13:46:20.715Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 13:46:20.715Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 13:46:20.715Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 13:46:20.809Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 13:46:20.809Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 13:46:20.809Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 13:46:20.809Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 13:46:20.903Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 13:46:20.903Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 13:46:20.903Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 13:46:20.903Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 13:46:21.43Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 13:46:21.90Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 13:46:21.90Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 13:46:21.90Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 13:46:21.184Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 13:46:21.184Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 13:46:21.184Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 13:46:21.184Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 13:46:21.184Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 13:46:21.184Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 13:46:21.184Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 13:46:21.184Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 13:46:21.278Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 13:46:21.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 13:46:21.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 13:46:21.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 13:46:21.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 13:46:21.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 13:46:21.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 13:46:21.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 13:46:21.465Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 13:46:21.465Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 13:46:21.465Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 13:46:21.465Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 13:46:21.559Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 13:46:21.559Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 13:46:21.559Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 13:46:21.559Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 13:46:21.653Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 13:46:21.653Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 13:46:21.653Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 13:46:21.653Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 13:46:21.747Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 13:46:21.747Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 13:46:21.747Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 13:46:21.747Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\script.fon
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\script.fon
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\script.fon
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 13:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 13:46:21.934Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 13:46:21.934Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 13:46:21.934Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 13:46:21.934Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 13:46:22.75Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 13:46:22.262Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 13:46:22.262Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 13:46:22.262Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 13:46:22.356Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 13:46:22.356Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 13:46:22.356Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 13:46:22.356Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 13:46:22.450Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 13:46:22.450Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 13:46:22.450Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 13:46:22.450Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 13:46:22.543Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 13:46:22.543Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 13:46:22.543Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 13:46:22.543Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 13:46:22.684Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 13:46:22.825Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 13:46:22.825Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 13:46:22.825Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 13:46:22.965Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 13:46:23.106Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 13:46:23.106Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 13:46:23.106Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 13:46:23.200Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 13:46:23.200Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 13:46:23.200Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 13:46:23.200Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 13:46:23.293Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 13:46:23.293Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 13:46:23.293Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 13:46:23.293Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 13:46:23.387Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 13:46:23.387Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 13:46:23.387Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 13:46:23.387Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 13:46:23.481Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 13:46:23.481Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 13:46:23.481Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 13:46:23.481Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 13:46:23.575Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 13:46:23.575Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 13:46:23.575Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 13:46:23.575Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 13:46:23.668Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 13:46:23.668Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 13:46:23.668Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 13:46:23.668Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 13:46:23.762Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 13:46:23.762Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 13:46:23.762Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 13:46:23.762Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 13:46:23.856Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 13:46:23.856Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 13:46:23.856Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 13:46:23.856Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 13:46:23.950Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 13:46:23.950Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 13:46:23.950Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 13:46:23.950Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 13:46:24.43Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 13:46:24.43Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 13:46:24.43Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 13:46:24.43Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 13:46:24.137Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 13:46:24.137Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 13:46:24.137Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 13:46:24.137Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 13:46:24.231Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 13:46:24.231Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 13:46:24.231Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 13:46:24.231Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 13:46:24.512Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 13:46:24.606Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 13:46:24.606Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 13:46:24.606Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 13:46:24.887Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 13:46:24.981Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 13:46:24.981Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 13:46:24.981Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 13:46:25.262Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 13:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 13:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 13:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 13:46:25.450Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 13:46:25.450Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 13:46:25.450Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 13:46:25.450Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 13:46:25.543Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 13:46:25.543Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 13:46:25.543Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 13:46:25.543Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 13:46:25.637Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 13:46:25.637Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
24/6/2020 - 13:46:25.637Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
24/6/2020 - 13:46:25.637Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
24/6/2020 - 13:46:25.731Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
24/6/2020 - 13:46:25.731Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
24/6/2020 - 13:46:25.731Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
24/6/2020 - 13:46:25.731Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
24/6/2020 - 13:46:25.825Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
24/6/2020 - 13:46:25.825Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
24/6/2020 - 13:46:25.825Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
24/6/2020 - 13:46:25.825Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
24/6/2020 - 13:46:25.918Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
24/6/2020 - 13:46:25.918Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
24/6/2020 - 13:46:25.918Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
24/6/2020 - 13:46:25.918Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
24/6/2020 - 13:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
24/6/2020 - 13:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
24/6/2020 - 13:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
24/6/2020 - 13:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
24/6/2020 - 13:46:26.106Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
24/6/2020 - 13:46:26.106Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
24/6/2020 - 13:46:26.106Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
24/6/2020 - 13:46:26.106Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
24/6/2020 - 13:46:26.200Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
24/6/2020 - 13:46:26.200Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
24/6/2020 - 13:46:26.200Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
24/6/2020 - 13:46:26.200Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
24/6/2020 - 13:46:26.293Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
24/6/2020 - 13:46:26.293Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
24/6/2020 - 13:46:26.293Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
24/6/2020 - 13:46:26.293Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
24/6/2020 - 13:46:26.387Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
24/6/2020 - 13:46:26.387Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
24/6/2020 - 13:46:26.387Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
24/6/2020 - 13:46:26.387Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
24/6/2020 - 13:46:26.481Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
24/6/2020 - 13:46:26.481Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
24/6/2020 - 13:46:26.481Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
24/6/2020 - 13:46:26.481Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
24/6/2020 - 13:46:26.575Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
24/6/2020 - 13:46:26.575Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
24/6/2020 - 13:46:26.575Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
24/6/2020 - 13:46:26.575Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
24/6/2020 - 13:46:26.668Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
24/6/2020 - 13:46:26.668Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
24/6/2020 - 13:46:26.668Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
24/6/2020 - 13:46:26.668Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
24/6/2020 - 13:46:26.762Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
24/6/2020 - 13:46:26.762Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
24/6/2020 - 13:46:26.762Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
24/6/2020 - 13:46:26.762Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
24/6/2020 - 13:46:26.856Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
24/6/2020 - 13:46:26.856Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
24/6/2020 - 13:46:26.856Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
24/6/2020 - 13:46:26.856Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
24/6/2020 - 13:46:26.950Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
24/6/2020 - 13:46:26.950Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
24/6/2020 - 13:46:26.950Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
24/6/2020 - 13:46:26.950Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
24/6/2020 - 13:46:27.43Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
24/6/2020 - 13:46:27.43Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
24/6/2020 - 13:46:27.43Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
24/6/2020 - 13:46:27.43Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
24/6/2020 - 13:46:27.137Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
24/6/2020 - 13:46:27.137Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
24/6/2020 - 13:46:27.137Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
24/6/2020 - 13:46:27.137Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
24/6/2020 - 13:46:27.231Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
24/6/2020 - 13:46:27.231Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
24/6/2020 - 13:46:27.231Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
24/6/2020 - 13:46:27.231Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
24/6/2020 - 13:46:27.325Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
24/6/2020 - 13:46:27.325Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
24/6/2020 - 13:46:27.325Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
24/6/2020 - 13:46:27.325Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
24/6/2020 - 13:46:27.418Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
24/6/2020 - 13:46:27.418Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
24/6/2020 - 13:46:27.418Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
24/6/2020 - 13:46:27.418Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
24/6/2020 - 13:46:27.512Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
24/6/2020 - 13:46:27.512Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
24/6/2020 - 13:46:27.512Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
24/6/2020 - 13:46:27.512Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
24/6/2020 - 13:46:27.606Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
24/6/2020 - 13:46:27.606Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
24/6/2020 - 13:46:27.606Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
24/6/2020 - 13:46:27.606Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
24/6/2020 - 13:46:27.700Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
24/6/2020 - 13:46:27.700Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
24/6/2020 - 13:46:27.700Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
24/6/2020 - 13:46:27.700Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
24/6/2020 - 13:46:27.793Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
24/6/2020 - 13:46:27.793Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
24/6/2020 - 13:46:27.793Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
24/6/2020 - 13:46:27.793Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
24/6/2020 - 13:46:27.887Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
24/6/2020 - 13:46:27.887Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
24/6/2020 - 13:46:27.887Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
24/6/2020 - 13:46:27.887Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
24/6/2020 - 13:46:27.981Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
24/6/2020 - 13:46:27.981Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
24/6/2020 - 13:46:27.981Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
24/6/2020 - 13:46:27.981Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
24/6/2020 - 13:46:28.75Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
24/6/2020 - 13:46:28.75Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
24/6/2020 - 13:46:28.75Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
24/6/2020 - 13:46:28.75Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
24/6/2020 - 13:46:28.168Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
24/6/2020 - 13:46:28.168Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
24/6/2020 - 13:46:28.168Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
24/6/2020 - 13:46:28.168Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
24/6/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
24/6/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
24/6/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
24/6/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
24/6/2020 - 13:46:28.356Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
24/6/2020 - 13:46:28.356Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
24/6/2020 - 13:46:28.356Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
24/6/2020 - 13:46:28.356Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
24/6/2020 - 13:46:28.450Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
24/6/2020 - 13:46:28.450Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
24/6/2020 - 13:46:28.450Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
24/6/2020 - 13:46:28.450Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
24/6/2020 - 13:46:28.543Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
24/6/2020 - 13:46:28.543Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
24/6/2020 - 13:46:28.543Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
24/6/2020 - 13:46:28.543Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
24/6/2020 - 13:46:28.637Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
24/6/2020 - 13:46:28.637Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
24/6/2020 - 13:46:28.637Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
24/6/2020 - 13:46:28.637Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
24/6/2020 - 13:46:28.731Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
24/6/2020 - 13:46:28.731Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
24/6/2020 - 13:46:28.731Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
24/6/2020 - 13:46:28.731Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
24/6/2020 - 13:46:28.825Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
24/6/2020 - 13:46:28.825Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
24/6/2020 - 13:46:28.825Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
24/6/2020 - 13:46:28.825Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
24/6/2020 - 13:46:28.918Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
24/6/2020 - 13:46:28.918Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
24/6/2020 - 13:46:28.918Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
24/6/2020 - 13:46:28.918Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
24/6/2020 - 13:46:29.12Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
24/6/2020 - 13:46:29.12Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
24/6/2020 - 13:46:29.12Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
24/6/2020 - 13:46:29.12Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
24/6/2020 - 13:46:29.106Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
24/6/2020 - 13:46:29.106Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
24/6/2020 - 13:46:29.106Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
24/6/2020 - 13:46:29.106Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
24/6/2020 - 13:46:29.200Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
24/6/2020 - 13:46:29.200Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
24/6/2020 - 13:46:29.200Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
24/6/2020 - 13:46:29.200Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
24/6/2020 - 13:46:29.293Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
24/6/2020 - 13:46:29.293Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
24/6/2020 - 13:46:29.293Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
24/6/2020 - 13:46:29.293Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
24/6/2020 - 13:46:29.387Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
24/6/2020 - 13:46:29.387Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
24/6/2020 - 13:46:29.387Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
24/6/2020 - 13:46:29.387Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
24/6/2020 - 13:46:29.481Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
24/6/2020 - 13:46:29.481Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
24/6/2020 - 13:46:29.481Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
24/6/2020 - 13:46:29.481Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
24/6/2020 - 13:46:29.762Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
24/6/2020 - 13:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
24/6/2020 - 13:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
24/6/2020 - 13:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
24/6/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
24/6/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
24/6/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
24/6/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
24/6/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
24/6/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
24/6/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
24/6/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
24/6/2020 - 13:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
24/6/2020 - 13:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
24/6/2020 - 13:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
24/6/2020 - 13:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
24/6/2020 - 13:46:30.418Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
24/6/2020 - 13:46:30.606Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
24/6/2020 - 13:46:30.606Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
24/6/2020 - 13:46:30.606Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
24/6/2020 - 13:46:30.747Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
24/6/2020 - 13:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
24/6/2020 - 13:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
24/6/2020 - 13:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
24/6/2020 - 13:46:31.75Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
24/6/2020 - 13:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
24/6/2020 - 13:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
24/6/2020 - 13:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
24/6/2020 - 13:46:31.590Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
24/6/2020 - 13:46:31.825Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
24/6/2020 - 13:46:32.106Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
24/6/2020 - 13:46:32.106Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
24/6/2020 - 13:46:32.106Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
24/6/2020 - 13:46:32.247Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
24/6/2020 - 13:46:32.481Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
24/6/2020 - 13:46:32.481Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
24/6/2020 - 13:46:32.481Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
24/6/2020 - 13:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
24/6/2020 - 13:46:32.981Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
24/6/2020 - 13:46:32.981Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
24/6/2020 - 13:46:32.981Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
24/6/2020 - 13:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
24/6/2020 - 13:46:33.356Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
24/6/2020 - 13:46:33.356Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
24/6/2020 - 13:46:33.356Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
24/6/2020 - 13:46:33.450Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
24/6/2020 - 13:46:33.450Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
24/6/2020 - 13:46:33.450Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
24/6/2020 - 13:46:33.450Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
24/6/2020 - 13:46:33.543Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
24/6/2020 - 13:46:33.543Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
24/6/2020 - 13:46:33.543Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
24/6/2020 - 13:46:33.543Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
24/6/2020 - 13:46:33.637Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
24/6/2020 - 13:46:33.637Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
24/6/2020 - 13:46:33.637Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
24/6/2020 - 13:46:33.637Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
24/6/2020 - 13:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
24/6/2020 - 13:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
24/6/2020 - 13:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
24/6/2020 - 13:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
24/6/2020 - 13:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
24/6/2020 - 13:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
24/6/2020 - 13:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
24/6/2020 - 13:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
24/6/2020 - 13:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
24/6/2020 - 13:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
24/6/2020 - 13:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
24/6/2020 - 13:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
24/6/2020 - 13:46:33.965Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
24/6/2020 - 13:46:34.12Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
24/6/2020 - 13:46:34.12Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
24/6/2020 - 13:46:34.12Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
24/6/2020 - 13:46:34.153Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
24/6/2020 - 13:46:34.200Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
24/6/2020 - 13:46:34.200Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
24/6/2020 - 13:46:34.200Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
24/6/2020 - 13:46:34.340Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
24/6/2020 - 13:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
24/6/2020 - 13:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
24/6/2020 - 13:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
24/6/2020 - 13:46:34.528Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
24/6/2020 - 13:46:34.575Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
24/6/2020 - 13:46:34.575Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
24/6/2020 - 13:46:34.575Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
24/6/2020 - 13:46:34.668Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
24/6/2020 - 13:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
24/6/2020 - 13:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
24/6/2020 - 13:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
24/6/2020 - 13:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
24/6/2020 - 13:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
24/6/2020 - 13:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
24/6/2020 - 13:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
24/6/2020 - 13:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
24/6/2020 - 13:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
24/6/2020 - 13:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
24/6/2020 - 13:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
24/6/2020 - 13:46:35.231Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
24/6/2020 - 13:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
24/6/2020 - 13:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
24/6/2020 - 13:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
24/6/2020 - 13:46:35.418Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
24/6/2020 - 13:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
24/6/2020 - 13:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
24/6/2020 - 13:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
24/6/2020 - 13:46:35.559Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
24/6/2020 - 13:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
24/6/2020 - 13:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
24/6/2020 - 13:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
24/6/2020 - 13:46:35.700Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
24/6/2020 - 13:46:35.747Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
24/6/2020 - 13:46:35.747Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
24/6/2020 - 13:46:35.747Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
24/6/2020 - 13:46:35.840Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
24/6/2020 - 13:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
24/6/2020 - 13:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
24/6/2020 - 13:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
24/6/2020 - 13:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
24/6/2020 - 13:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
24/6/2020 - 13:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
24/6/2020 - 13:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
24/6/2020 - 13:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
24/6/2020 - 13:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
24/6/2020 - 13:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
24/6/2020 - 13:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
24/6/2020 - 13:46:36.215Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
24/6/2020 - 13:46:37.809Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
24/6/2020 - 13:46:37.809Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
24/6/2020 - 13:46:37.809Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
24/6/2020 - 13:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
24/6/2020 - 13:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
24/6/2020 - 13:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
24/6/2020 - 13:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
24/6/2020 - 13:46:37.997Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
24/6/2020 - 13:46:37.997Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
24/6/2020 - 13:46:37.997Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
24/6/2020 - 13:46:37.997Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
24/6/2020 - 13:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
24/6/2020 - 13:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
24/6/2020 - 13:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
24/6/2020 - 13:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
24/6/2020 - 13:46:38.184Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
24/6/2020 - 13:46:38.184Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
24/6/2020 - 13:46:38.184Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
24/6/2020 - 13:46:38.184Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
24/6/2020 - 13:46:38.325Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
24/6/2020 - 13:46:38.325Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
24/6/2020 - 13:46:38.325Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
24/6/2020 - 13:46:38.325Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
24/6/2020 - 13:46:38.465Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
24/6/2020 - 13:46:38.465Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
24/6/2020 - 13:46:38.465Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
24/6/2020 - 13:46:38.465Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
24/6/2020 - 13:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
24/6/2020 - 13:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
24/6/2020 - 13:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
24/6/2020 - 13:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
24/6/2020 - 13:46:38.747Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
24/6/2020 - 13:46:38.747Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
24/6/2020 - 13:46:38.747Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
24/6/2020 - 13:46:38.747Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
24/6/2020 - 13:46:38.840Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
24/6/2020 - 13:46:38.840Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
24/6/2020 - 13:46:38.840Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
24/6/2020 - 13:46:38.840Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
24/6/2020 - 13:46:38.934Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
24/6/2020 - 13:46:38.934Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
24/6/2020 - 13:46:38.934Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
24/6/2020 - 13:46:38.934Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
24/6/2020 - 13:46:39.28Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
24/6/2020 - 13:46:39.28Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
24/6/2020 - 13:46:39.28Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
24/6/2020 - 13:46:39.28Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
24/6/2020 - 13:46:39.122Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
24/6/2020 - 13:46:39.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
24/6/2020 - 13:46:39.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
24/6/2020 - 13:46:39.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
24/6/2020 - 13:46:39.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
24/6/2020 - 13:46:39.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
24/6/2020 - 13:46:39.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
24/6/2020 - 13:46:39.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
24/6/2020 - 13:46:39.309Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
24/6/2020 - 13:46:39.309Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
24/6/2020 - 13:46:39.309Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
24/6/2020 - 13:46:39.309Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
24/6/2020 - 13:46:39.450Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
24/6/2020 - 13:46:39.450Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
24/6/2020 - 13:46:39.450Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
24/6/2020 - 13:46:39.450Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
24/6/2020 - 13:46:39.590Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
24/6/2020 - 13:46:39.590Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
24/6/2020 - 13:46:39.590Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
24/6/2020 - 13:46:39.590Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
24/6/2020 - 13:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
24/6/2020 - 13:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
24/6/2020 - 13:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
24/6/2020 - 13:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
24/6/2020 - 13:46:39.872Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
24/6/2020 - 13:46:39.872Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
24/6/2020 - 13:46:39.872Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
24/6/2020 - 13:46:39.872Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
24/6/2020 - 13:46:39.965Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
24/6/2020 - 13:46:39.965Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:39.965Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
24/6/2020 - 13:46:39.965Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.12Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.59Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.106Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
24/6/2020 - 13:46:40.106Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.153Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.200Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.247Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.293Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.340Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.387Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.434Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
24/6/2020 - 13:46:40.434Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
24/6/2020 - 13:46:40.434Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
24/6/2020 - 13:46:40.434Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
24/6/2020 - 13:46:40.575Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
24/6/2020 - 13:46:40.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
24/6/2020 - 13:46:40.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
24/6/2020 - 13:46:40.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
24/6/2020 - 13:46:40.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
24/6/2020 - 13:46:40.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
24/6/2020 - 13:46:40.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:40.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:41.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:46:41.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.559Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
24/6/2020 - 13:46:41.559Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 13:46:41.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:41.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:41.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:46:41.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:41.793Open1480C:\malware.exeC:\WindowsCodecs.dll
24/6/2020 - 13:46:41.793Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
24/6/2020 - 13:46:41.793Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
24/6/2020 - 13:46:41.793Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
24/6/2020 - 13:46:41.793Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
24/6/2020 - 13:46:41.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:41.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
24/6/2020 - 13:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
24/6/2020 - 13:46:42.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:42.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:46:42.75Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
24/6/2020 - 13:46:42.215Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
24/6/2020 - 13:46:42.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:42.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:42.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:42.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:42.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:42.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:42.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:42.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:42.778Open1480C:\malware.exeC:\malware.config
24/6/2020 - 13:46:42.778Open1480C:\malware.exeC:\pt-BR\pueRwLYgrDmvG.resources.dll
24/6/2020 - 13:46:42.778Open1480C:\malware.exeC:\pt-BR\pueRwLYgrDmvG.resources\pueRwLYgrDmvG.resources.dll
24/6/2020 - 13:46:42.778Open1480C:\malware.exeC:\pt-BR\pueRwLYgrDmvG.resources.exe
24/6/2020 - 13:46:42.778Open1480C:\malware.exeC:\pt-BR\pueRwLYgrDmvG.resources\pueRwLYgrDmvG.resources.exe
24/6/2020 - 13:46:42.825Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 13:46:42.825Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:43.12Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:43.12Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:43.12Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\pt\pueRwLYgrDmvG.resources.dll
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\pt\pueRwLYgrDmvG.resources\pueRwLYgrDmvG.resources.dll
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\pt\pueRwLYgrDmvG.resources.exe
24/6/2020 - 13:46:43.12Open1480C:\malware.exeC:\pt\pueRwLYgrDmvG.resources\pueRwLYgrDmvG.resources.exe
24/6/2020 - 13:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.28Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
24/6/2020 - 13:46:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:43.28Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:43.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:43.28Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:43.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.75Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.168Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:43.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:43.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 13:46:43.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:46:43.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:43.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:44.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:44.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:44.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:44.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\CRYPTSP.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.840Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.840Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:45.840Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
24/6/2020 - 13:46:45.840Open1480C:\malware.exeC:\bcrypt.dll
24/6/2020 - 13:46:45.840Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 13:46:45.840Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 13:46:45.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:45.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:46.762Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:46.762Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:46.903Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:46.903Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:46.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:46.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:46.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:46.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:47.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:47.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.372Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.418Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.465Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:47.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:47.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:47.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.559Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
24/6/2020 - 13:46:47.559Open1480C:\malware.exeC:\VERSION.dll
24/6/2020 - 13:46:47.559Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 13:46:47.559Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 13:46:47.559Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:47.559Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.559Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.606Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:47.606Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.606Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:47.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:47.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:47.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:48.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:48.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.856Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.dll
24/6/2020 - 13:46:49.856Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
24/6/2020 - 13:46:49.856Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.exe
24/6/2020 - 13:46:49.856Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
24/6/2020 - 13:46:49.856Open1480C:\malware.exeC:\pt\ReZer0V2.resources.dll
24/6/2020 - 13:46:49.856Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.dll
24/6/2020 - 13:46:49.856Open1480C:\malware.exeC:\pt\ReZer0V2.resources.exe
24/6/2020 - 13:46:49.856Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.exe
24/6/2020 - 13:46:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:49.903Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:49.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:50.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:50.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:50.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:50.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:50.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:50.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:50.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:51.75Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:51.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:51.168Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:51.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:46:51.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:46:51.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.403Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.497Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:51.497Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:46:51.497Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:46:51.497Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:46:51.497Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.497Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:46:51.497Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.497Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.497Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:46:51.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:51.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:51.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:51.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:51.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:51.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:51.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:51.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:52.12Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.247Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\
24/6/2020 - 13:46:52.247Unknown1480C:\malware.exeC:\
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.247Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.247Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:46:52.247Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:46:52.247Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ui\SwDRM.dll
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
24/6/2020 - 13:46:52.247Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
24/6/2020 - 13:46:52.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Prefetch\REGSVCS.EXE-6C19C8B1.pf
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64log.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
24/6/2020 - 13:46:52.293Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.293Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:46:52.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
24/6/2020 - 13:46:52.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.309Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.309Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
24/6/2020 - 13:46:52.309Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
24/6/2020 - 13:46:52.309Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.309Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 13:46:52.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
24/6/2020 - 13:46:52.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.309Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 13:46:52.309Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
24/6/2020 - 13:46:52.309Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:46:52.309Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
24/6/2020 - 13:46:52.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 13:46:52.325Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:52.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 13:46:52.325Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:52.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:46:52.325Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:46:52.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:46:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
24/6/2020 - 13:46:52.372Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.372Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
24/6/2020 - 13:46:52.372Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
24/6/2020 - 13:46:52.372Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 13:46:52.372Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 13:46:52.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 13:46:52.372Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1117343
24/6/2020 - 13:46:52.372Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1117343
24/6/2020 - 13:46:52.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1117359
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 13:46:52.434Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
24/6/2020 - 13:46:52.434Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.434Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\l_intl.nls
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CRYPTSP.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 13:46:52.434Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 13:46:52.450Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
24/6/2020 - 13:46:52.450Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.450Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.450Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.450Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\pubpol4.dat
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
24/6/2020 - 13:46:52.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 13:46:52.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:46:52.465Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:52.465Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:52.528Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.528Open1480C:\malware.exeC:\RpcRtRemote.dll
24/6/2020 - 13:46:52.528Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 13:46:52.528Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 13:46:52.528Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 13:46:52.528Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 13:46:52.575Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.622Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.622Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.668Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 13:46:52.668Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 13:46:52.668Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.668Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:52.668Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 13:46:52.668Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 13:46:52.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.715Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.762Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.809Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:52.856Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
24/6/2020 - 13:46:52.903Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:46:52.903Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 13:46:52.903Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 13:46:52.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\bcrypt.dll
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 13:46:52.903Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 13:46:52.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.950Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:52.997Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:53.43Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:53.90Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:53.137Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:53.184Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:53.231Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:53.278Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:53.325Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:53.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\dwmapi.dll
24/6/2020 - 13:46:53.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 13:46:53.372Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 13:46:53.372Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.418Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.512Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:53.606Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:53.606Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:53.606Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:53.653Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.700Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.747Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.793Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.840Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.887Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.934Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:53.981Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.28Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.75Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:54.122Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:54.168Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.215Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:54.262Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:54.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:54.356Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:46:54.403Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.450Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.497Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.543Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.590Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.637Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.684Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.778Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.825Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.872Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.965Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.965Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.965Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
24/6/2020 - 13:46:54.965Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:54.965Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:54.965Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:54.965Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:54.965Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:55.59Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RpcRtRemote.dll
24/6/2020 - 13:46:55.59Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 13:46:55.59Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 13:46:55.59Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 13:46:55.59Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbemcomn.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbemcomn.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\Logs
24/6/2020 - 13:46:55.106Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\Logs
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
24/6/2020 - 13:46:55.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
24/6/2020 - 13:46:55.122Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
24/6/2020 - 13:46:55.356Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
24/6/2020 - 13:46:55.356Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
24/6/2020 - 13:46:55.825Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\fastprox.dll
24/6/2020 - 13:46:55.825Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\fastprox.dll
24/6/2020 - 13:46:55.825Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
24/6/2020 - 13:46:55.825Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\ntdsapi.dll
24/6/2020 - 13:46:55.825Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\ntdsapi.dll
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.247Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\SXS.DLL
24/6/2020 - 13:46:56.247Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 13:46:56.247Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 13:46:56.247Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.247Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.262Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.262Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.262Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 13:46:56.262Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:56.731Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 13:46:56.731Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:56.731Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 13:46:56.731Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 13:46:56.731Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 13:46:56.731Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:56.731Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:56.731Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 13:46:56.731Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.747Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.747Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.747Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.747Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:56.747Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\oleaut32.DLL
24/6/2020 - 13:46:57.668Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
24/6/2020 - 13:46:57.668Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:57.668Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.715Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.715Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:57.715Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.715Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:57.715Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:46:57.762Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.762Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.809Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.856Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:57.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:46:57.950Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
24/6/2020 - 13:46:57.997Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 13:46:57.997Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
24/6/2020 - 13:46:57.997Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 13:46:58.43Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 13:46:58.90Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 13:46:58.137Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 13:46:58.184Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
24/6/2020 - 13:46:58.184Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 13:46:58.184Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
24/6/2020 - 13:46:58.184Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:58.184Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:58.184Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:46:58.184Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 13:46:58.184Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 13:46:58.700Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
24/6/2020 - 13:47:2.278Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:3.997Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:5.215Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:47:5.215Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:47:5.215Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:47:15.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:15.653Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:47:23.887Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData
24/6/2020 - 13:47:23.887Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
24/6/2020 - 13:47:23.887Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users
24/6/2020 - 13:47:23.887Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc
24/6/2020 - 13:47:23.887Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe
24/6/2020 - 13:47:23.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe
24/6/2020 - 13:47:23.887Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe
24/6/2020 - 13:47:23.887Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:47:23.887Write2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe
24/6/2020 - 13:47:23.887Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe
24/6/2020 - 13:47:23.887Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:28.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe
24/6/2020 - 13:47:28.43Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe
24/6/2020 - 13:47:28.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\LKUgjc\LKUgjc.exe:Zone.Identifier
24/6/2020 - 13:47:39.372Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:39.418Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:39.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:39.512Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 13:47:39.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:39.606Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:39.653Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:39.700Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:39.747Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:39.793Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:39.840Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:39.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\shfolder.dll
24/6/2020 - 13:47:39.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 13:47:39.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 13:47:39.887Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 13:47:39.887Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 13:47:39.887Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:39.934Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:39.981Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:40.28Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:40.75Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:40.122Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:40.168Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:40.215Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\liebao\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Chromium\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Chedot\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Torch\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\QIP Surf\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Iridium\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Kometa\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CocCoc\Browser\User Data
24/6/2020 - 13:47:40.325Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Epic Privacy Browser\User Data
24/6/2020 - 13:47:40.340Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:40.387Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Storage
24/6/2020 - 13:47:40.387Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\mail
24/6/2020 - 13:47:40.387Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
24/6/2020 - 13:47:40.387Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
24/6/2020 - 13:47:40.387Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.434Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.481Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.528Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.575Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.622Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.715Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.762Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.809Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.856Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.950Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:40.997Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
24/6/2020 - 13:47:40.997Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\en-us.nlp
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
24/6/2020 - 13:47:41.43Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
24/6/2020 - 13:47:41.43Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:47:41.43Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:47:41.43Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:47:41.43Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:47:41.43Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:47:41.43Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:47:41.43Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 13:47:41.43Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:47:41.43Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:47:41.43Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:47:41.90Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:47:41.137Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:41.184Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:41.231Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
24/6/2020 - 13:47:41.231Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
24/6/2020 - 13:47:41.231Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
24/6/2020 - 13:47:41.231Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
24/6/2020 - 13:47:41.247Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
24/6/2020 - 13:47:41.247Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:41.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 13:47:41.293Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 13:47:41.340Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 13:47:41.340Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.387Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.387Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.387Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.434Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.481Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.528Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.575Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.622Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 13:47:41.622Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 13:47:41.622Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.622Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.622Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.622Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.622Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.622Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 13:47:41.622Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:41.668Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:41.715Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
24/6/2020 - 13:47:41.715Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
24/6/2020 - 13:47:41.715Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
24/6/2020 - 13:47:41.715Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
24/6/2020 - 13:47:41.715Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
24/6/2020 - 13:47:41.715Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
24/6/2020 - 13:47:41.715Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:41.762Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
24/6/2020 - 13:47:41.762Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:41.809Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:41.856Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.137Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 13:47:42.137Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 13:47:42.137Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\scrrun.dll
24/6/2020 - 13:47:42.184Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\scrrun.dll
24/6/2020 - 13:47:42.559Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:47:42.559Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:42.559Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\FTP Navigator\Ftplist.txt
24/6/2020 - 13:47:42.575Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 13:47:42.575Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 13:47:42.575Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 13:47:42.575Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
24/6/2020 - 13:47:42.575Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:47:42.575Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:47:42.575Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:47:42.575Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 13:47:42.575Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 13:47:42.575Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 13:47:42.622Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
24/6/2020 - 13:47:42.622Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
24/6/2020 - 13:47:42.622Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:42.668Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 13:47:42.762Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:42.762Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 13:47:42.762Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:42.809Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:42.856Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:42.903Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:42.950Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:42.997Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.43Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.90Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.137Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.184Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.231Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.278Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.325Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.372Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.418Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.465Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.512Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.559Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:47:43.606Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 13:47:43.606Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.653Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.700Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.747Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.793Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.840Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.887Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.934Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:43.981Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.28Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.75Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.122Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.168Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.215Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.262Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.309Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.356Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.403Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.450Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.497Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
24/6/2020 - 13:47:44.497Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
24/6/2020 - 13:47:44.497Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
24/6/2020 - 13:47:44.497Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:44.543Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:44.590Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
24/6/2020 - 13:47:44.590Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:44.637Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
24/6/2020 - 13:47:44.637Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
24/6/2020 - 13:47:44.637Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
24/6/2020 - 13:47:44.637Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\The Bat!
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
24/6/2020 - 13:47:44.684Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
24/6/2020 - 13:47:44.684Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 13:47:44.747Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
24/6/2020 - 13:47:44.747Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
24/6/2020 - 13:47:44.747Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
24/6/2020 - 13:47:44.747Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)\jDownloader\config\database.script
24/6/2020 - 13:47:44.747Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 13:47:44.793Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:44.840Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
24/6/2020 - 13:47:44.840Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
24/6/2020 - 13:47:44.840Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor\Folder.lst
24/6/2020 - 13:47:44.840Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:44.887Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:44.934Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:44.981Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:45.28Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:45.75Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:45.122Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:45.168Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:45.215Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:45.262Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
24/6/2020 - 13:47:45.262Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:45.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
24/6/2020 - 13:47:45.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
24/6/2020 - 13:47:45.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\vaultcli.dll
24/6/2020 - 13:47:45.309Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\vaultcli.dll
24/6/2020 - 13:47:45.747Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
24/6/2020 - 13:47:45.747Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
24/6/2020 - 13:47:45.747Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
24/6/2020 - 13:47:45.747Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
24/6/2020 - 13:47:46.90Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:46.90Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:46.90Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
24/6/2020 - 13:47:46.90Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
24/6/2020 - 13:47:46.90Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
24/6/2020 - 13:47:46.90Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\UCBrowser
24/6/2020 - 13:47:46.106Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:46.106Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:46.106Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:46.106Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:46.106Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor
24/6/2020 - 13:47:46.106Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\netsh.exe
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor\netsh.exe
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\AppPatch\sysmain.sdb
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64
24/6/2020 - 13:47:46.106Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
24/6/2020 - 13:47:46.106Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
24/6/2020 - 13:47:46.106Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64
24/6/2020 - 13:47:46.106Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64
24/6/2020 - 13:47:46.106Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64
24/6/2020 - 13:47:46.106Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 13:47:46.106Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 13:47:46.106Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 13:47:46.106Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 13:47:46.122Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\ui\SwDRM.dll
24/6/2020 - 13:47:46.122Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 13:47:46.122Read2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\Prefetch\NETSH.EXE-CD959116.pf
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64.dll
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64.dll
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64log.dll
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows
24/6/2020 - 13:47:46.168Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows
24/6/2020 - 13:47:46.168Open2676C:\Windows\SysWOW64\netsh.exeC:\Monitor
24/6/2020 - 13:47:46.325Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 13:47:46.325Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 13:47:46.325Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
24/6/2020 - 13:47:46.325Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
24/6/2020 - 13:47:46.325Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 13:47:46.325Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 13:47:46.325Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:47:46.340Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:47:46.340Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:47:46.340Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:47:46.340Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:47:46.340Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 13:47:46.340Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\netsh.exe.mui
24/6/2020 - 13:47:46.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
24/6/2020 - 13:47:46.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe.Local
24/6/2020 - 13:47:46.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 13:47:46.387Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 13:47:46.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 13:47:46.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 13:47:46.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.Manifest
24/6/2020 - 13:47:46.403Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
24/6/2020 - 13:47:46.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
24/6/2020 - 13:47:46.418Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
24/6/2020 - 13:47:46.465Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
24/6/2020 - 13:47:46.934Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 13:47:46.934Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 13:47:46.934Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 13:47:46.934Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 13:47:47.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
24/6/2020 - 13:47:47.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
24/6/2020 - 13:47:47.778Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL
24/6/2020 - 13:47:47.778Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL.DLL
24/6/2020 - 13:47:47.778Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL
24/6/2020 - 13:47:47.778Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL.DLL
24/6/2020 - 13:47:47.825Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
24/6/2020 - 13:47:47.825Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
24/6/2020 - 13:47:48.153Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
24/6/2020 - 13:47:48.200Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
24/6/2020 - 13:47:48.622Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
24/6/2020 - 13:47:48.668Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 13:47:48.668Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
24/6/2020 - 13:47:48.668Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 13:47:48.715Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 13:47:48.762Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 13:47:48.809Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 13:47:48.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 13:47:48.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 13:47:48.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 13:47:48.856Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
24/6/2020 - 13:47:48.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 13:47:48.856Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
24/6/2020 - 13:47:48.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:48.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:49.137Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QUTIL.DLL
24/6/2020 - 13:47:49.137Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QUTIL.DLL
24/6/2020 - 13:47:49.418Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wevtapi.dll
24/6/2020 - 13:47:49.418Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wevtapi.dll
24/6/2020 - 13:47:49.512Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 13:47:49.559Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wshelper.dll
24/6/2020 - 13:47:49.606Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wshelper.dll
24/6/2020 - 13:47:49.793Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ws2help.dll
24/6/2020 - 13:47:49.840Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ws2help.dll
24/6/2020 - 13:47:49.981Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 13:47:49.981Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 13:47:50.28Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshhttp.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshhttp.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\httpapi.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\httpapi.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\fwcfg.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\fwcfg.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dll
24/6/2020 - 13:47:50.28Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dll
24/6/2020 - 13:47:50.28Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.28Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.43Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.43Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.43Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 13:47:50.43Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 13:47:50.43Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winipsec.dll
24/6/2020 - 13:47:50.43Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winipsec.dll
24/6/2020 - 13:47:50.43Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.43Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.43Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.43Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.43Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 13:47:50.43Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ifmon.dll
24/6/2020 - 13:47:50.43Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ifmon.dll
24/6/2020 - 13:47:50.43Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nci.dll
24/6/2020 - 13:47:50.43Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nci.dll
24/6/2020 - 13:47:50.325Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\devrtl.dll
24/6/2020 - 13:47:50.325Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\devrtl.dll
24/6/2020 - 13:47:50.700Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netiohlp.dll
24/6/2020 - 13:47:50.747Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netiohlp.dll
24/6/2020 - 13:47:51.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 13:47:51.28Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 13:47:51.122Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\whhelper.dll
24/6/2020 - 13:47:51.122Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\whhelper.dll
24/6/2020 - 13:47:51.309Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 13:47:51.309Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 13:47:51.309Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\webio.dll
24/6/2020 - 13:47:51.309Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\webio.dll
24/6/2020 - 13:47:51.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\hnetmon.dll
24/6/2020 - 13:47:51.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\hnetmon.dll
24/6/2020 - 13:47:51.543Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netshell.dll
24/6/2020 - 13:47:51.543Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netshell.dll
24/6/2020 - 13:47:51.872Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nlaapi.dll
24/6/2020 - 13:47:51.872Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nlaapi.dll
24/6/2020 - 13:47:52.12Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rpcnsh.dll
24/6/2020 - 13:47:52.59Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rpcnsh.dll
24/6/2020 - 13:47:52.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dot3cfg.dll
24/6/2020 - 13:47:52.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dot3cfg.dll
24/6/2020 - 13:47:52.575Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dot3api.dll
24/6/2020 - 13:47:52.575Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dot3api.dll
24/6/2020 - 13:47:52.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\atl.dll
24/6/2020 - 13:47:52.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\atl.dll
24/6/2020 - 13:47:52.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\eappcfg.dll
24/6/2020 - 13:47:52.856Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\eappcfg.dll
24/6/2020 - 13:47:53.137Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\onex.dll
24/6/2020 - 13:47:53.184Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\onex.dll
24/6/2020 - 13:47:53.465Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\eappprxy.dll
24/6/2020 - 13:47:53.465Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\eappprxy.dll
24/6/2020 - 13:47:53.934Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\NAPMONTR.DLL
24/6/2020 - 13:47:53.981Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\NAPMONTR.DLL
24/6/2020 - 13:47:54.262Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\certcli.dll
24/6/2020 - 13:47:54.309Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\certcli.dll
24/6/2020 - 13:47:54.825Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshipsec.dll
24/6/2020 - 13:47:54.825Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshipsec.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netapi32.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netapi32.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netutils.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netutils.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\srvcli.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\srvcli.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wkscli.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wkscli.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\logoncli.dll
24/6/2020 - 13:47:55.106Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\logoncli.dll
24/6/2020 - 13:47:55.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\activeds.dll
24/6/2020 - 13:47:55.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\activeds.dll
24/6/2020 - 13:47:55.622Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\adsldpc.dll
24/6/2020 - 13:47:55.622Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\adsldpc.dll
24/6/2020 - 13:47:55.950Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\polstore.dll
24/6/2020 - 13:47:55.950Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\polstore.dll
24/6/2020 - 13:47:56.215Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\polstore.dll
24/6/2020 - 13:47:56.262Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pnetsh.dll
24/6/2020 - 13:47:56.262Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pnetsh.dll
24/6/2020 - 13:47:56.262Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\P2P.dll
24/6/2020 - 13:47:56.262Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\P2P.dll
24/6/2020 - 13:47:56.262Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\P2P.dll
24/6/2020 - 13:47:56.278Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dll
24/6/2020 - 13:47:56.278Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
24/6/2020 - 13:47:56.278Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dll
24/6/2020 - 13:47:56.278Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
24/6/2020 - 13:47:56.278Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlancfg.dll
24/6/2020 - 13:47:56.278Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlancfg.dll
24/6/2020 - 13:47:56.278Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanapi.dll
24/6/2020 - 13:47:56.278Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanapi.dll
24/6/2020 - 13:47:56.278Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanutil.dll
24/6/2020 - 13:47:56.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanutil.dll
24/6/2020 - 13:47:56.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanhlp.dll
24/6/2020 - 13:47:56.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanhlp.dll
24/6/2020 - 13:47:56.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dll
24/6/2020 - 13:47:56.293Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dll
24/6/2020 - 13:47:56.293Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.293Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.293Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.293Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.293Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.293Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.293Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.293Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 13:47:56.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 13:47:56.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 13:47:56.293Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 13:47:56.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 13:47:56.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 13:47:56.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dll
24/6/2020 - 13:47:56.356Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
24/6/2020 - 13:47:56.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dll
24/6/2020 - 13:47:56.356Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
24/6/2020 - 13:47:56.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\qagentrt.dll
24/6/2020 - 13:47:56.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 13:47:56.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 13:47:56.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QAGENT.DLL
24/6/2020 - 13:47:56.356Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QAGENT.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.mui
24/6/2020 - 13:47:56.372Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.muinapipsec.dll.mui
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.372Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.mui
24/6/2020 - 13:47:56.372Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.muinapipsec.dll.mui
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.mui
24/6/2020 - 13:47:56.387Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.muinapipsec.dll.mui
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.mui
24/6/2020 - 13:47:56.387Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.muinapipsec.dll.mui
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.387Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUI
24/6/2020 - 13:47:56.403Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUIEAPQEC.DLL.MUI
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUI
24/6/2020 - 13:47:56.403Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUIEAPQEC.DLL.MUI
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUI
24/6/2020 - 13:47:56.403Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUIEAPQEC.DLL.MUI
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUI
24/6/2020 - 13:47:56.403Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUIEAPQEC.DLL.MUI
24/6/2020 - 13:47:56.403Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 13:47:56.512Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 13:47:56.512Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 13:47:56.512Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 13:47:56.559Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\p2pnetsh.dll.mui
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\p2pnetsh.dll.muip2pnetsh.dll.mui
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\p2pnetsh.dll.muip2pnetsh.dll.mui
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.559Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.606Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\gpapi.dll
24/6/2020 - 13:47:56.606Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\gpapi.dll
24/6/2020 - 13:47:56.700Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.700Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.700Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
24/6/2020 - 13:47:56.700Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcryptprimitives.dll
24/6/2020 - 13:47:56.700Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
24/6/2020 - 13:47:56.700Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcryptprimitives.dll
24/6/2020 - 13:47:56.700Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
24/6/2020 - 13:47:56.747Open2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\wlancfg.dll.mui
24/6/2020 - 13:47:56.747Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\wlancfg.dll.muiwlancfg.dll.mui
24/6/2020 - 13:47:56.747Read2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\wlancfg.dll.muiwlancfg.dll.mui
24/6/2020 - 13:47:57.75Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows
24/6/2020 - 13:47:57.75Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Monitor
24/6/2020 - 13:47:57.75Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\netsh.exe.muinetsh.exe.mui
24/6/2020 - 13:47:57.75Unknown2676C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 13:47:57.75Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\cftp\Ftplist.txt
24/6/2020 - 13:47:57.75Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
24/6/2020 - 13:47:57.75Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)
24/6/2020 - 13:47:57.75Unknown2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)
24/6/2020 - 13:47:57.75Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
24/6/2020 - 13:47:57.75Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
24/6/2020 - 13:47:57.90Open2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini

Process
Trace
24/6/2020 - 13:46:52.247Create1480C:\malware.exe2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
24/6/2020 - 13:47:46.106Create2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe2676C:\Windows\SysWOW64\netsh.exe
24/6/2020 - 13:47:57.75Terminate2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe2676C:\Windows\SysWOW64\netsh.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
24/6/2020 - 13:45:56.840Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath
24/6/2020 - 13:47:23.934Write2820C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeHKCU\Software\Microsoft\Windows\CurrentVersion\RunLKUgjc
24/6/2020 - 13:47:56.356Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.356Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.356Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.356Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.356Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-100
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-101
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-103
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-102
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-1
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.372Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-2
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-4
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-3
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-100
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-101
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-102
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-103
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.387Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-100
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-101
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-102
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-103
24/6/2020 - 13:47:56.403Write2676C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 69.92%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 82.13%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 63.31%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 97.94%
suspicious: False cancel

Add to Collection
Download