Report #10754

  • Creation Date: June 24, 2020, 8:33 p.m.
  • Last Update: June 24, 2020, 8:37 p.m.
  • File: PO copy.pdf.exe
  • Results:
Binary
DLL
False
Size
415.00KB
trid
62.0% Generic CIL Executable
23.4% Win64 Executable
5.5% Win32 Dynamic Link Library
3.8% Win32 Executable
1.7% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
79f3e491257594a7dc80b5c2f310f9b6
sha1
9d9f514c69fcae432c9cb5d73d2891fb9f583cae
crc32
0x4224238f
sha224
a7bdc5ea67d930bb540496603dc04ee78a4fe9092524081f61c4762a
sha256
79aee42afbd9b6b6c639d56411291d60d0fa0058a71b831460cf0476ed99ed36
sha384
058c948feab824f3b4a1f5e2fe0d767f9335ff75b0414bb90e4471d339951c617a5f31f934feb6b7136380e364bfc123
sha512
7e187d52ccaadadc133b7d5823906ecb49b6b57619a9670c832726c0f5663e03254af15ddafcd99940230b3477e91167160cd515e4d5ba4abc0dfb5e4fdc6148
ssdeep
12288:y876WYB6V1Ujtn9IfDW78JrmsibrKAbGjgNNorPg9MnhBtPfD:5YB6V1UZiyABmsiiAVNqrP2MhXP7
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 415 KB, 47.png, 335 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2048
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 6.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 430098
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2020-04-18 04:17:18
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 207

pushpopmath
.text: 106

ss register
.text: 5

garbagebytes
.text: 68

hookdetection
.text: 8

software breakpoint
.text: 4

fakeconditionaljumps
.text: 5

programcontrolflowchange
.text: 65

cpuinstructionsresultscomparison
.rsrc: 1
.text: 2

AVclass
nanobot
1
VirusTotal
md5
79f3e491257594a7dc80b5c2f310f9b6
sha1
9d9f514c69fcae432c9cb5d73d2891fb9f583cae
SCANS (DETECTION RATE = 72.60%)
AVG
result: Win32:TrojanX-gen [Trj]
update: 20200422
version: 18.4.3895.0
detected: True

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=87)
update: 20200422
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200422
version: 6.14
detected: True

Bkav
update: 20200422
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 00564d501 )
update: 20200422
version: 11.104.33866
detected: True

ALYac
result: Backdoor.Agent.NanoBot.Gen
update: 20200422
version: 1.1.1.5
detected: True

Avast
result: Win32:TrojanX-gen [Trj]
update: 20200422
version: 18.4.3895.0
detected: True

Avira
result: TR/AD.AgentTesla.gvzfj
update: 20200422
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
result: W32/MSIL_Kryptik.ANX.gen!Eldorado
update: 20200422
version: 6.2.2.2
detected: True

DrWeb
result: Trojan.PWS.Siggen2.47555
update: 20200422
version: 7.0.46.3050
detected: True

GData
result: Trojan.GenericKD.33683989
update: 20200422
version: A:25.25479B:26.18465
detected: True

Panda
result: Trj/GdSda.A
update: 20200421
version: 4.6.4.2
detected: True

VBA32
result: TScope.Trojan.MSIL
update: 20200422
version: 4.3.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200422
version: 83166
detected: True

Zoner
update: 20200422
version: 0.0.0.0
detected: False

ClamAV
update: 20200421
version: 0.102.2.0
detected: False

Comodo
result: Malware@#64ybviejsi6r
update: 20200422
version: 32356
detected: True

F-Prot
result: W32/MSIL_Kryptik.ANX.gen!Eldorado
update: 20200422
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.MSIL.Inject
update: 20200422
version: 0.1.5.2
detected: True

McAfee
result: RDN/Generic.dx
update: 20200422
version: 6.0.6.653
detected: True

Rising
result: Backdoor.NanoBot!8.28C (CLOUD)
update: 20200422
version: 25.0.0.24
detected: True

Sophos
result: Troj/MSIL-OKC
update: 20200422
version: 4.98.0
detected: True

Yandex
update: 20200418
version: 5.5.2.24
detected: False

Zillya
update: 20200422
version: 2.0.0.4073
detected: False

Acronis
result: suspicious
update: 20200422
version: 1.1.1.75
detected: True

Alibaba
result: Backdoor:MSIL/Kryptik.95d5965a
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D201FA15
update: 20200422
version: 1.0.0.871
detected: True

Cylance
result: Unsafe
update: 20200422
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20200226
version: 3.0.17
detected: True

FireEye
result: Generic.mg.79f3e491257594a7
update: 20200316
version: 32.31.0.0
detected: True

Sangfor
result: Malware
update: 20200412
version: 1.0
detected: True

TACHYON
update: 20200422
version: 2020-04-22.02
detected: False

Tencent
update: 20200422
version: 1.0.0.1
detected: False

ViRobot
update: 20200422
version: 2014.3.20.0
detected: False

Webroot
result: W32.Trojan.Gen
update: 20200422
version: 1.0.0.403
detected: True

eGambit
result: Unsafe.AI_Score_99%
update: 20200422
detected: True

Ad-Aware
result: Trojan.GenericKD.33683989
update: 20200422
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.MSIL.NanoBot.m!c
update: 20200422
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.33683989 (B)
update: 20200422
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/AD.AgentTesla.gvzfj
update: 20200422
version: 12.0.86.52
detected: True

Fortinet
result: Malicious_Behavior.SB
update: 20200422
version: 6.2.142.0
detected: True

Invincea
result: heuristic
update: 20200407
version: 6.3.6.26157
detected: True

Jiangmin
update: 20200422
version: 16.0.100
detected: False

Kingsoft
update: 20200422
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200422
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20200422
version: 1.11.0.0
detected: True

Trapmine
result: malicious.high.ml.score
update: 20200123
version: 3.2.22.914
detected: True

AhnLab-V3
result: Malware/Win32.RL_Generic.C4071717
update: 20200422
version: 3.17.5.27267
detected: True

Antiy-AVL
result: Trojan[Backdoor]/MSIL.NanoBot
update: 20200422
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Backdoor.MSIL.NanoBot.gen
update: 20200422
version: 15.0.1.13
detected: True

MaxSecure
update: 20200420
version: 1.0.0.1
detected: False

Microsoft
result: Trojan:Win32/Occamy.C
update: 20200422
version: 1.1.16900.4
detected: True

Qihoo-360
result: Generic/Backdoor.BO.5c9
update: 20200422
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Backdoor.MSIL.NanoBot.gen
update: 20200422
version: 1.0
detected: True

Cybereason
result: malicious.c69fca
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of MSIL/Kryptik.VNK
update: 20200422
version: 21207
detected: True

TrendMicro
result: TROJ_GEN.R002C0RDJ20
update: 20200422
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.33683989
update: 20200422
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_80% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
update: 20200407
version: 11.102.33708
detected: False

SentinelOne
result: DFI - Suspicious PE
update: 20200406
version: 2.1.0.89
detected: True

Avast-Mobile
update: 20200422
version: 200422-00
detected: False

Malwarebytes
result: Trojan.Crypt.MSIL.Generic
update: 20200422
version: 3.6.4.335
detected: True

TotalDefense
update: 20200422
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200421
version: 14.00
detected: False

NANO-Antivirus
update: 20200422
version: 1.0.134.25032
detected: False

BitDefenderTheta
result: Gen:NN.ZemsilF.34106.zm0@aC2Zbmc
update: 20200408
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.33683989
update: 20200422
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200422
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
update: 20200422
version: v2017.3010
detected: False

TrendMicro-HouseCall
result: TROJ_GEN.R002C0RDJ20
update: 20200422
version: 10.0.0.1040
detected: True

total
73
sha256
79aee42afbd9b6b6c639d56411291d60d0fa0058a71b831460cf0476ed99ed36
scan_id
79aee42afbd9b6b6c639d56411291d60d0fa0058a71b831460cf0476ed99ed36-1587558925
resource
79f3e491257594a7dc80b5c2f310f9b6
positives
53
scan_date
2020-04-22 12:35:25
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:46.215Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 19:45:46.215Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:46.215Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.215Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.215Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:46.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:47.684Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:45:47.918Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:48.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.575Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:45:48.668Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.965Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:45:49.59Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:45:49.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:49.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:49.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:50.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:50.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:50.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:50.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:51.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:51.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:51.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:51.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
24/6/2020 - 19:45:51.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
24/6/2020 - 19:45:51.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 19:45:51.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 19:45:51.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 19:45:51.403Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 19:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:51.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:51.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:51.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:51.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:51.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:51.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:52.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:52.75Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 19:45:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:52.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:52.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:52.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:52.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
24/6/2020 - 19:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
24/6/2020 - 19:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
24/6/2020 - 19:46:15.387Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
24/6/2020 - 19:46:15.387Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
24/6/2020 - 19:46:15.387Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
24/6/2020 - 19:46:15.434Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
24/6/2020 - 19:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
24/6/2020 - 19:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
24/6/2020 - 19:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
24/6/2020 - 19:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
24/6/2020 - 19:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
24/6/2020 - 19:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
24/6/2020 - 19:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
24/6/2020 - 19:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
24/6/2020 - 19:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
24/6/2020 - 19:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
24/6/2020 - 19:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
24/6/2020 - 19:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
24/6/2020 - 19:46:15.856Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
24/6/2020 - 19:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
24/6/2020 - 19:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
24/6/2020 - 19:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
24/6/2020 - 19:46:16.137Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
24/6/2020 - 19:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 19:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 19:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 19:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
24/6/2020 - 19:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
24/6/2020 - 19:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
24/6/2020 - 19:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
24/6/2020 - 19:46:16.325Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
24/6/2020 - 19:46:16.325Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
24/6/2020 - 19:46:16.325Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
24/6/2020 - 19:46:16.325Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
24/6/2020 - 19:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
24/6/2020 - 19:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
24/6/2020 - 19:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
24/6/2020 - 19:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
24/6/2020 - 19:46:16.512Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 19:46:16.606Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 19:46:16.747Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 19:46:16.793Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 19:46:16.793Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 19:46:16.793Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 19:46:16.934Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 19:46:17.28Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 19:46:17.28Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 19:46:17.28Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 19:46:17.122Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 19:46:17.215Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 19:46:17.215Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 19:46:17.215Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 19:46:17.215Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 19:46:17.543Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 19:46:17.731Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 19:46:17.731Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 19:46:17.731Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 19:46:17.825Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 19:46:17.825Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 19:46:17.825Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 19:46:17.825Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 19:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 19:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 19:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 19:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 19:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 19:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 19:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 19:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 19:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 19:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 19:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 19:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 19:46:18.153Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 19:46:18.247Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 19:46:18.247Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 19:46:18.247Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 19:46:18.293Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 19:46:18.293Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 19:46:18.293Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 19:46:18.293Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 19:46:18.434Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 19:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 19:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 19:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 19:46:18.622Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 19:46:18.622Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 19:46:18.622Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 19:46:18.622Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 19:46:18.715Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 19:46:18.715Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 19:46:18.715Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 19:46:18.715Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 19:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 19:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 19:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 19:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 19:46:18.903Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 19:46:18.903Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 19:46:18.903Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 19:46:18.903Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 19:46:18.997Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 19:46:18.997Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 19:46:18.997Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 19:46:18.997Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 19:46:19.137Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 19:46:19.137Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 19:46:19.137Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 19:46:19.137Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 19:46:19.278Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 19:46:19.278Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 19:46:19.278Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 19:46:19.278Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 19:46:19.325Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 19:46:19.325Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 19:46:19.325Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 19:46:19.325Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 19:46:19.372Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 19:46:19.465Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 19:46:19.465Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 19:46:19.465Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 19:46:19.465Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 19:46:19.465Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 19:46:19.465Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 19:46:19.465Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 19:46:19.559Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 19:46:19.559Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 19:46:19.559Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 19:46:19.559Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 19:46:19.653Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 19:46:19.653Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 19:46:19.653Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 19:46:19.653Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 19:46:19.747Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 19:46:19.747Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 19:46:19.747Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 19:46:19.747Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 19:46:19.840Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 19:46:19.840Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 19:46:19.840Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 19:46:19.840Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 19:46:19.934Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 19:46:19.934Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 19:46:19.934Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 19:46:19.934Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 19:46:20.28Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 19:46:20.28Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 19:46:20.28Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 19:46:20.28Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 19:46:20.122Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 19:46:20.122Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 19:46:20.122Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 19:46:20.122Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 19:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 19:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 19:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 19:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 19:46:20.309Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 19:46:20.309Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 19:46:20.309Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 19:46:20.309Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 19:46:20.403Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 19:46:20.403Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 19:46:20.403Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 19:46:20.403Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 19:46:20.497Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 19:46:20.497Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 19:46:20.497Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 19:46:20.497Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 19:46:20.590Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 19:46:20.590Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 19:46:20.590Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 19:46:20.590Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 19:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 19:46:20.778Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 19:46:20.778Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 19:46:20.778Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 19:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 19:46:20.965Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 19:46:20.965Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 19:46:20.965Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 19:46:21.59Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 19:46:21.59Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 19:46:21.59Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 19:46:21.59Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 19:46:21.153Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 19:46:21.153Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 19:46:21.153Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 19:46:21.153Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 19:46:21.247Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 19:46:21.247Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 19:46:21.247Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 19:46:21.247Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 19:46:21.340Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 19:46:21.340Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 19:46:21.340Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 19:46:21.340Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 19:46:21.434Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 19:46:21.434Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 19:46:21.434Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 19:46:21.434Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 19:46:21.528Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 19:46:21.528Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 19:46:21.528Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 19:46:21.528Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 19:46:21.622Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 19:46:21.622Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 19:46:21.622Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 19:46:21.622Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 19:46:21.715Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 19:46:21.715Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 19:46:21.715Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 19:46:21.715Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 19:46:21.856Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 19:46:21.903Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 19:46:21.903Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 19:46:21.903Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 19:46:21.997Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 19:46:21.997Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 19:46:21.997Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 19:46:21.997Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 19:46:21.997Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 19:46:21.997Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 19:46:21.997Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 19:46:21.997Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 19:46:22.90Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 19:46:22.90Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 19:46:22.90Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 19:46:22.90Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 19:46:22.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 19:46:22.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 19:46:22.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 19:46:22.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 19:46:22.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 19:46:22.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 19:46:22.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 19:46:22.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 19:46:22.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 19:46:22.372Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 19:46:22.372Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 19:46:22.372Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 19:46:22.465Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 19:46:22.465Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 19:46:22.465Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 19:46:22.465Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 19:46:22.559Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 19:46:22.559Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 19:46:22.559Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 19:46:22.559Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\script.fon
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\script.fon
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\script.fon
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 19:46:22.653Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 19:46:22.747Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 19:46:22.747Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 19:46:22.747Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 19:46:22.747Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 19:46:22.887Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 19:46:23.75Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 19:46:23.75Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 19:46:23.75Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 19:46:23.168Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 19:46:23.168Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 19:46:23.168Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 19:46:23.168Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 19:46:23.262Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 19:46:23.262Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 19:46:23.262Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 19:46:23.262Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 19:46:23.356Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 19:46:23.356Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 19:46:23.356Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 19:46:23.356Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 19:46:23.497Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 19:46:23.637Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 19:46:23.637Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 19:46:23.637Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 19:46:23.778Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 19:46:23.918Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 19:46:23.918Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 19:46:23.918Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 19:46:24.12Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 19:46:24.12Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 19:46:24.12Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 19:46:24.12Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 19:46:24.106Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 19:46:24.106Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 19:46:24.106Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 19:46:24.106Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 19:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 19:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 19:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 19:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 19:46:24.293Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 19:46:24.293Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 19:46:24.293Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 19:46:24.293Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 19:46:24.387Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 19:46:24.387Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 19:46:24.387Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 19:46:24.387Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 19:46:24.481Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 19:46:24.481Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 19:46:24.481Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 19:46:24.481Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 19:46:24.528Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 19:46:24.528Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 19:46:24.528Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 19:46:24.528Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 19:46:24.622Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 19:46:24.622Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 19:46:24.622Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 19:46:24.622Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 19:46:24.715Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 19:46:24.715Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 19:46:24.715Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 19:46:24.715Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 19:46:24.809Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 19:46:24.809Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 19:46:24.809Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 19:46:24.809Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 19:46:24.903Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 19:46:24.903Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 19:46:24.903Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 19:46:24.903Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 19:46:24.997Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 19:46:24.997Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 19:46:24.997Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 19:46:24.997Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 19:46:25.278Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 19:46:25.372Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 19:46:25.372Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 19:46:25.372Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 19:46:25.653Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 19:46:25.747Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 19:46:25.747Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 19:46:25.747Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 19:46:26.28Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 19:46:26.122Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 19:46:26.122Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 19:46:26.122Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 19:46:26.215Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 19:46:26.215Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 19:46:26.215Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 19:46:26.215Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 19:46:26.309Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 19:46:26.309Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 19:46:26.309Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 19:46:26.309Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 19:46:26.403Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 19:46:26.403Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
24/6/2020 - 19:46:42.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:42.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:43.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:43.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:43.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:43.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:44.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:44.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:44.372Open1480C:\malware.exeC:\WindowsCodecs.dll
24/6/2020 - 19:46:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
24/6/2020 - 19:46:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
24/6/2020 - 19:46:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
24/6/2020 - 19:46:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
24/6/2020 - 19:46:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:44.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:44.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:44.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:44.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:45.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:45.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:45.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:45.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:45.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:45.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
24/6/2020 - 19:46:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:45.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:45.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:45.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:45.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:45.778Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
24/6/2020 - 19:46:45.778Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
24/6/2020 - 19:46:45.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:45.825Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:45.825Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
24/6/2020 - 19:46:45.965Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
24/6/2020 - 19:46:46.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:46.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:46.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:46.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:47.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:47.653Open1480C:\malware.exeC:\malware.config
24/6/2020 - 19:46:47.653Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
24/6/2020 - 19:46:47.700Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
24/6/2020 - 19:46:47.700Open1480C:\malware.exeC:\Windows\assembly\GAC\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
24/6/2020 - 19:46:47.700Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.700Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.700Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources.exe
24/6/2020 - 19:46:47.700Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.exe
24/6/2020 - 19:46:47.747Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 19:46:47.747Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 19:46:47.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 19:46:47.934Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:46:47.934Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:47.934Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:47.934Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:47.950Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:47.950Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:47.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:47.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
24/6/2020 - 19:46:47.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:48.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:48.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:48.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:48.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:48.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:48.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\Favorites
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\Favorites
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\Favorites
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 19:46:56.981Read2424C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 19:46:56.981Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\Globalization
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Globalization
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Globalization
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\Microsoft.NET
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Microsoft.NET
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Microsoft.NET
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\System32
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\System32
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\System32
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:56.981Unknown2424C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:56.981Open2424C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\System32\apisetschema.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[1].XML
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 19:46:56.997Open2424C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 19:46:56.997Read2424C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 19:46:56.997Unknown2424C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[1].XML
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
24/6/2020 - 19:46:57.12Read2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
24/6/2020 - 19:46:57.12Read2424C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
24/6/2020 - 19:46:57.12Read2424C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exe\Device\HarddiskVolume2
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\System32\wow64log.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Monitor
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\malware.exe.config
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.12Open2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.12Unknown2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 19:46:57.28Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.28Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.28Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.28Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.28Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\malware.exe.config
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Users\Behemot
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Users\Behemot
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Users\Behemot
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Monitor
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Monitor
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Monitor\Malware
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\Monitor\Malware
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.28Unknown2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:57.28Open2424C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:57.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1116437
24/6/2020 - 19:46:57.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1116437
24/6/2020 - 19:46:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1116453
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:57.106Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\malware.config
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.106Unknown2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\Monitor\Malware
24/6/2020 - 19:46:57.106Unknown2424C:\malware.exeC:\Monitor\Malware
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.106Unknown2424C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.106Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.106Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.122Open2424C:\malware.exeC:\Windows\assembly\pubpol4.dat
24/6/2020 - 19:46:57.122Open2424C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
24/6/2020 - 19:46:57.122Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 19:46:57.122Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Users\Behemot
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Users\Behemot
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Users\Behemot
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:57.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\bcrypt.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\dwmapi.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:57.153Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:57.153Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:57.153Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:57.153Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:57.153Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.153Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\VERSION.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 19:46:57.153Open2424C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 19:46:57.168Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:57.168Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.168Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:57.168Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.231Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.231Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.231Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
24/6/2020 - 19:46:57.231Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:57.231Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.231Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.231Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.231Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:57.231Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 19:46:57.231Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.231Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:57.231Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 19:46:57.231Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 19:46:57.231Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:57.247Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\CRYPTSP.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:57.247Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.247Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:57.309Open2424C:\malware.exeC:\RpcRtRemote.dll
24/6/2020 - 19:46:57.309Open2424C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 19:46:57.309Unknown2424C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 19:46:57.309Open2424C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 19:46:57.309Unknown2424C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
24/6/2020 - 19:46:57.356Unknown2424C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
24/6/2020 - 19:46:57.356Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
24/6/2020 - 19:46:57.559Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
24/6/2020 - 19:46:57.559Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
24/6/2020 - 19:46:58.28Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
24/6/2020 - 19:46:58.28Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
24/6/2020 - 19:46:58.28Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
24/6/2020 - 19:46:58.28Open2424C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
24/6/2020 - 19:46:58.28Open2424C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:58.450Open2424C:\malware.exeC:\SXS.DLL
24/6/2020 - 19:46:58.450Open2424C:\malware.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 19:46:58.450Open2424C:\malware.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 19:46:58.450Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.450Open2424C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:58.450Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:58.465Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.465Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:46:58.465Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:58.934Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 19:46:58.934Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 19:46:58.934Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:58.934Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:58.934Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 19:46:58.934Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 19:46:58.934Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.934Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 19:46:58.934Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:58.934Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:58.934Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 19:46:58.934Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.934Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.934Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 19:46:58.950Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:58.950Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\oleaut32.DLL
24/6/2020 - 19:46:59.887Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
24/6/2020 - 19:46:59.887Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:46:59.887Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
24/6/2020 - 19:46:59.887Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:46:59.887Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:59.887Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:59.887Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:46:59.934Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:59.981Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:47:0.28Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:0.75Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:47:0.122Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:0.262Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:47:0.262Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:47:0.309Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:47:0.356Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:47:0.403Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:0.450Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
24/6/2020 - 19:47:0.497Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 19:47:0.497Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
24/6/2020 - 19:47:0.497Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 19:47:0.543Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 19:47:0.590Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 19:47:0.637Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 19:47:0.684Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
24/6/2020 - 19:47:0.684Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 19:47:0.684Open2424C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:47:0.684Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:0.684Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:0.684Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:0.684Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 19:47:0.684Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 19:47:0.872Read2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:47:1.200Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
24/6/2020 - 19:47:4.747Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:11.43Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:11.90Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:11.184Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:12.309Open2424C:\malware.exeC:\Windows\SysWOW64\tzres.dll
24/6/2020 - 19:47:15.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:15.215Open2424C:\malware.exeC:\%insfolder%\%insname%
24/6/2020 - 19:47:30.668Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:30.715Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:30.762Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:30.809Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:30.856Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:30.903Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:30.950Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:30.997Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:31.43Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:31.90Open2424C:\malware.exeC:\shfolder.dll
24/6/2020 - 19:47:31.90Open2424C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 19:47:31.90Open2424C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 19:47:31.90Open2424C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 19:47:31.90Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 19:47:31.90Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:31.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:31.184Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:31.231Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:31.278Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:31.325Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Torch\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Kometa\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Epic Privacy Browser\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\QIP Surf\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\CocCoc\Browser\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Chromium\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\liebao\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Chedot\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Iridium\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
24/6/2020 - 19:47:31.434Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
24/6/2020 - 19:47:31.450Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
24/6/2020 - 19:47:31.450Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
24/6/2020 - 19:47:31.450Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\Windows\Globalization\en-us.nlp
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\malware.config
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:47:31.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:47:31.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:47:31.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:47:31.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:47:31.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:47:31.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:47:31.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:47:31.497Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:47:31.543Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:47:31.590Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:31.637Open2424C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:31.684Open2424C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:31.965Open2424C:\malware.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 19:47:31.965Open2424C:\malware.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 19:47:31.965Open2424C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
24/6/2020 - 19:47:32.12Open2424C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
24/6/2020 - 19:47:32.387Open2424C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:32.387Read2424C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:32.387Read2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 19:47:32.387Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.387Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:47:32.387Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.403Open2424C:\malware.exeC:\Storage
24/6/2020 - 19:47:32.403Open2424C:\malware.exeC:\mail
24/6/2020 - 19:47:32.403Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
24/6/2020 - 19:47:32.403Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
24/6/2020 - 19:47:32.403Open2424C:\malware.exeC:\Program Files (x86)
24/6/2020 - 19:47:32.403Unknown2424C:\malware.exeC:\Program Files (x86)
24/6/2020 - 19:47:32.403Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:32.403Open2424C:\malware.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
24/6/2020 - 19:47:32.403Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:47:32.403Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:32.418Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:32.418Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:32.418Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
24/6/2020 - 19:47:32.418Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.418Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
24/6/2020 - 19:47:32.418Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
24/6/2020 - 19:47:32.418Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
24/6/2020 - 19:47:32.418Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.465Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
24/6/2020 - 19:47:32.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
24/6/2020 - 19:47:32.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
24/6/2020 - 19:47:32.606Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 19:47:32.606Open2424C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:47:32.606Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:32.606Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:32.606Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:32.606Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:32.606Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 19:47:32.606Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 19:47:32.606Open2424C:\malware.exeC:\FTP Navigator\Ftplist.txt
24/6/2020 - 19:47:32.606Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
24/6/2020 - 19:47:32.606Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.606Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.606Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.606Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.606Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.606Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.606Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.606Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.606Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.622Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
24/6/2020 - 19:47:32.622Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:32.622Open2424C:\malware.exeC:\vaultcli.dll
24/6/2020 - 19:47:32.622Open2424C:\malware.exeC:\vaultcli.dll
24/6/2020 - 19:47:32.622Open2424C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
24/6/2020 - 19:47:32.622Open2424C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
24/6/2020 - 19:47:33.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:33.168Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
24/6/2020 - 19:47:33.168Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
24/6/2020 - 19:47:33.168Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
24/6/2020 - 19:47:33.168Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
24/6/2020 - 19:47:33.168Open2424C:\malware.exeC:\cftp\Ftplist.txt
24/6/2020 - 19:47:33.168Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
24/6/2020 - 19:47:33.168Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:33.184Open2424C:\malware.exeC:\Monitor\Folder.lst
24/6/2020 - 19:47:33.184Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
24/6/2020 - 19:47:33.184Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
24/6/2020 - 19:47:33.184Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
24/6/2020 - 19:47:33.184Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
24/6/2020 - 19:47:33.184Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
24/6/2020 - 19:47:33.200Open2424C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
24/6/2020 - 19:47:33.200Open2424C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
24/6/2020 - 19:47:33.200Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
24/6/2020 - 19:47:33.200Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 19:47:33.200Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.247Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.293Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.340Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.387Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:47:33.434Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:47:33.434Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.481Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.528Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.575Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.622Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.668Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.715Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.762Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.809Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.856Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.903Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.950Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:33.997Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:34.43Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:34.90Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:34.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:34.184Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:34.231Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:34.278Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:34.325Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
24/6/2020 - 19:47:34.325Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
24/6/2020 - 19:47:34.325Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
24/6/2020 - 19:47:34.325Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
24/6/2020 - 19:47:34.325Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:34.372Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:34.418Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:34.465Open2424C:\malware.exeC:\Monitor
24/6/2020 - 19:47:34.465Unknown2424C:\malware.exeC:\Monitor
24/6/2020 - 19:47:34.465Open2424C:\malware.exeC:\netsh.exe
24/6/2020 - 19:47:34.465Open2424C:\malware.exeC:\Monitor\netsh.exe
24/6/2020 - 19:47:34.465Open2424C:\malware.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 19:47:34.512Open2424C:\malware.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 19:47:34.512Open2424C:\malware.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:47:34.700Unknown2424C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\
24/6/2020 - 19:47:34.700Unknown2424C:\malware.exeC:\
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows
24/6/2020 - 19:47:34.700Unknown2424C:\malware.exeC:\Windows
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:47:34.700Unknown2424C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:47:34.700Unknown2424C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 19:47:34.700Read2424C:\malware.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 19:47:34.700Read2424C:\malware.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 19:47:34.700Read2424C:\malware.exeC:\Windows\SysWOW64\netsh.exe
24/6/2020 - 19:47:34.700Open2424C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
24/6/2020 - 19:47:34.700Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:34.700Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:34.700Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:34.700Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\Prefetch\NETSH.EXE-CD959116.pf
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64.dll
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64.dll
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64log.dll
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows
24/6/2020 - 19:47:34.747Unknown2688C:\Windows\SysWOW64\netsh.exeC:\Windows
24/6/2020 - 19:47:34.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Monitor
24/6/2020 - 19:47:34.903Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:47:34.903Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:47:34.903Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
24/6/2020 - 19:47:34.903Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
24/6/2020 - 19:47:34.903Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 19:47:34.903Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 19:47:34.903Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:47:34.918Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:47:34.918Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:47:34.918Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:47:34.918Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:47:34.918Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:47:34.918Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\netsh.exe.mui
24/6/2020 - 19:47:34.965Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
24/6/2020 - 19:47:34.965Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe.Local
24/6/2020 - 19:47:34.965Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:47:34.965Unknown2688C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:47:34.965Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:47:34.965Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 19:47:34.965Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.Manifest
24/6/2020 - 19:47:34.981Unknown2688C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
24/6/2020 - 19:47:34.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
24/6/2020 - 19:47:34.997Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
24/6/2020 - 19:47:35.43Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
24/6/2020 - 19:47:35.512Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 19:47:35.512Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 19:47:35.512Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 19:47:35.512Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 19:47:35.934Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
24/6/2020 - 19:47:35.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
24/6/2020 - 19:47:36.356Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL
24/6/2020 - 19:47:36.356Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL.DLL
24/6/2020 - 19:47:36.356Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL
24/6/2020 - 19:47:36.356Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL.DLL
24/6/2020 - 19:47:36.403Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
24/6/2020 - 19:47:36.403Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
24/6/2020 - 19:47:36.731Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
24/6/2020 - 19:47:36.778Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
24/6/2020 - 19:47:37.200Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
24/6/2020 - 19:47:37.247Unknown2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 19:47:37.247Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
24/6/2020 - 19:47:37.247Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 19:47:37.293Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 19:47:37.340Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 19:47:37.387Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 19:47:37.434Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 19:47:37.434Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 19:47:37.434Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 19:47:37.434Unknown2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
24/6/2020 - 19:47:37.434Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 19:47:37.434Unknown2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
24/6/2020 - 19:47:37.434Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 19:47:37.434Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
24/6/2020 - 19:47:37.715Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QUTIL.DLL
24/6/2020 - 19:47:37.715Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QUTIL.DLL
24/6/2020 - 19:47:37.997Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wevtapi.dll
24/6/2020 - 19:47:37.997Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wevtapi.dll
24/6/2020 - 19:47:38.90Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
24/6/2020 - 19:47:38.137Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wshelper.dll
24/6/2020 - 19:47:38.184Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wshelper.dll
24/6/2020 - 19:47:38.372Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ws2help.dll
24/6/2020 - 19:47:38.418Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ws2help.dll
24/6/2020 - 19:47:38.559Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 19:47:38.559Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 19:47:38.606Unknown2688C:\Windows\SysWOW64\netsh.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshhttp.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshhttp.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\httpapi.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\httpapi.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\fwcfg.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\fwcfg.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dll
24/6/2020 - 19:47:38.606Unknown2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dll
24/6/2020 - 19:47:38.606Unknown2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.606Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.606Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 19:47:38.622Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 19:47:38.622Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winipsec.dll
24/6/2020 - 19:47:38.622Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winipsec.dll
24/6/2020 - 19:47:38.622Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Read2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
24/6/2020 - 19:47:38.622Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ifmon.dll
24/6/2020 - 19:47:38.622Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ifmon.dll
24/6/2020 - 19:47:38.622Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nci.dll
24/6/2020 - 19:47:38.622Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nci.dll
24/6/2020 - 19:47:38.762Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\devrtl.dll
24/6/2020 - 19:47:38.762Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\devrtl.dll
24/6/2020 - 19:47:39.137Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netiohlp.dll
24/6/2020 - 19:47:39.184Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netiohlp.dll
24/6/2020 - 19:47:39.465Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 19:47:39.465Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 19:47:39.559Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\whhelper.dll
24/6/2020 - 19:47:39.559Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\whhelper.dll
24/6/2020 - 19:47:39.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 19:47:39.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 19:47:39.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\webio.dll
24/6/2020 - 19:47:39.747Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\webio.dll
24/6/2020 - 19:47:39.793Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\hnetmon.dll
24/6/2020 - 19:47:39.793Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\hnetmon.dll
24/6/2020 - 19:47:39.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netshell.dll
24/6/2020 - 19:47:39.981Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netshell.dll
24/6/2020 - 19:47:40.309Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nlaapi.dll
24/6/2020 - 19:47:40.309Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nlaapi.dll
24/6/2020 - 19:47:40.450Open2688C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rpcnsh.dll
24/6/2020 - 19:47:45.481Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
24/6/2020 - 19:47:45.481Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
24/6/2020 - 19:47:45.481Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
24/6/2020 - 19:47:45.481Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
24/6/2020 - 19:47:45.481Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:45.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:45.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
24/6/2020 - 19:47:45.497Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
24/6/2020 - 19:47:45.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
24/6/2020 - 19:47:45.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
24/6/2020 - 19:47:45.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
24/6/2020 - 19:47:45.512Open2424C:\malware.exeC:\Program Files (x86)\jDownloader\config\database.script
24/6/2020 - 19:47:45.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\UCBrowser
24/6/2020 - 19:47:45.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
24/6/2020 - 19:47:45.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
24/6/2020 - 19:47:45.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
24/6/2020 - 19:47:45.512Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
24/6/2020 - 19:47:53.762Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:53.809Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:53.856Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:53.903Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:53.997Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:54.43Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:54.90Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:54.137Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:47:54.184Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:54.231Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:54.278Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll

Process
Trace
24/6/2020 - 19:46:56.934  Create  1480  C:\malware.exe  2424  C:\malware.exe
24/6/2020 - 19:47:34.700  Create  2424  C:\malware.exe  2688  C:\Windows\SysWOW64\netsh.exe
24/6/2020 - 19:47:45.481  Terminate  2424  C:\malware.exe  2688  C:\Windows\SysWOW64\netsh.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
24/6/2020 - 19:45:57.43Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 70.13%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.07%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 59.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 51.17%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.98%
suspicious: True