Report #10760 check_circle

Binary
DLL
False cancel
Size
749.50KB
trid
55.8% Generic CIL Executable
21.0% Win64 Executable
9.9% Windows screen saver
5.0% Win32 Dynamic Link Library
3.4% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
89b27bc015def35be1bf6497833701fa
sha1
d03b7a4f1568ec33366d335feecec3a782bbae9c
crc32
0xb252f6d2
sha224
d729b20606e903cd0648c804f005ee39f6ab0b337179883f3d227c86
sha256
59c82acc7c45e2b07694688f1d2b4a0ed9356b3e645486bf46b4ccbfb240f475
sha384
21b95f7c69a1c2a3fb06628bdbe95c828799685252ebb57fc323f5025bcedc0f3f285c398965ec4f53624d1b444911ae
sha512
ce793d66ae3da219d267bb155618307389b539daa9a9a72de2b6f9e1742ae3acae46c6ddf74940f7a8708a07c79973f85f14e195f77c8047feb5b692a2928054
ssdeep
12288:8I7RP/rg/8pvFr/eiDGsofWqC7gMYUQvssWbcZx58IyP8SZOymYv9uv4Vw9FNGGo:lU+1/eiDGvL0Qvd
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, url, IsWindowsGUI, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, NET_executable_, domain, IP, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, Big_Numbers3

Suspicious
True check_circle

Strings
List
https://github.com/BrianMacIntosh/CataModder
http://en.cataclysmdda.com/
System.IO
o.pa
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
CataclysmModder.schemas.recipes.txt
CataclysmModder.schemas.recipes.txt
CataclysmModder.Properties
skills.json
System.Security.Cryptography
OU.CZ
BQS.bm
System.IO.Ports
recipes.json
options.ini
bionics.json
vehicles.json
snippets.json
monstergroups.json
log.txt
names.json
techniques.json
martialarts.json
professions.json
dreams.json
mutations.json
materials.json
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
16.1.0.0
16.0.0.0
uJTlW.exe
uJTlW.exe
uJTlW.exe
' saved.
' but got '
" doesn't exist and cannot add.
CataclysmModder.Properties.Resources
get_SpringGreen
CataclysmModder.schemas.items.txt
CataclysmModder.schemas.items.txt
^9%%&
O%*a8
get_OpenItems
get_OpenFiles
,-%e@
%%:/+e
AYt%d1
CataclysmModder.schemas.item_group.txt
CataclysmModder.schemas.item_group.txt
ListBoxDeleteClicked
System.Windows.Forms.Layout
preserveUnchanged =
CataclysmModder.Properties.Resources.resources
3System.Resources.Tools.StronglyTypedResourceBuilder
Indent with Tabs
Help text will go here.
Delete
Next Item
Delete
ownerListBox
ClearSelected
RecipeUnknown
HACKSAW
Delegate
MulticastDelegate
character
contains
contains
CataclysmModder.schemas.professions.txt
CataclysmModder.schemas.professions.txt
System.Windows.Forms
GUN_SKILLS
Envi. Protection:
FIRECRACKER_ACT
FIRECRACKER_PACK
FIRECRACKER_PACK_ACT
A list of skills a player choosing this profession starts with.
PIPEBOMB_ACT
item_groups.json
enviromental_protection
enviromental_protection
vehicle_parts.json
The maximum skill level that can be achieved with this book.
The minimum skill level needed to understand this book.
mscoree.dll
ListBoxTagData
[item]
<requires_skills>
requires_skills
get_Magenta
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
skill_used
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
get_ResourceManager
<skill_used>
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet

Foremost
Matches
0.exe, 749 KB, 420.png, 264 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: https://github.com/brianmacintosh/catamodder, http://en.cataclysmdda.com/
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: mscoree.dll
hasFiles: True check_circle
Suspicious: log.txt, CataclysmModder.schemas.items.txt, CataclysmModder.schemas.recipes.txt, CataclysmModder.schemas.professions.txt, CataclysmModder.schemas.item_group.txt
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2048
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 48.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 773022
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: mscoree.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-04-20 18:13:02
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 140

pushpopmath
.text: 408

ss register
.text: 3

garbagebytes
.text: 45

hookdetection
.text: 10

software breakpoint
.text: 4

fakeconditionaljumps
.text: 4

programcontrolflowchange
.text: 41

cpuinstructionsresultscomparison
.text: 56

AVclass
agensla
1
VirusTotal
md5
89b27bc015def35be1bf6497833701fa
sha1
d03b7a4f1568ec33366d335feecec3a782bbae9c
SCANS (DETECTION RATE = 72.60%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200513
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=84)
update: 20200513
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200513
version: 6.21
detected: True check_circle

Bkav
update: 20200513
version: 1.3.0.9899
detected: False cancel

K7GW
result: Trojan ( 0056519f1 )
update: 20200513
version: 11.108.34077
detected: True check_circle

ALYac
result: Backdoor.RAT.MSIL.NanoCore
update: 20200513
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:PWSX-gen [Trj]
update: 20200513
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/AD.Nanocore.jlejb
update: 20200513
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/MSIL_Agent.BGV.gen!Eldorado
update: 20200513
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.Siggen9.41389
update: 20200513
version: 7.0.46.3050
detected: True check_circle

GData
result: Trojan.GenericKD.33698722
update: 20200513
version: A:25.25620B:26.18714
detected: True check_circle

Panda
result: Trj/GdSda.A
update: 20200512
version: 4.6.4.2
detected: True check_circle

VBA32
result: TScope.Trojan.MSIL
update: 20200513
version: 4.4.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200513
version: 83686
detected: True check_circle

Zoner
update: 20200513
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200512
version: 0.102.3.0
detected: False cancel

Comodo
update: 20200513
version: 32438
detected: False cancel

F-Prot
result: W32/MSIL_Agent.BGV.gen!Eldorado
update: 20200513
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan.MSIL.Inject
update: 20200513
version: 0.1.5.2
detected: True check_circle

McAfee
result: GenericRXKG-HB!89B27BC015DE
update: 20200513
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Kryptik!8.8 (CLOUD)
update: 20200513
version: 25.0.0.24
detected: True check_circle

Sophos
result: Mal/Generic-S
update: 20200513
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Igent.bTA8Tj.41
update: 20200513
version: 5.5.2.24
detected: True check_circle

Zillya
update: 20200513
version: 2.0.0.4089
detected: False cancel

Acronis
update: 20200509
version: 1.1.1.75
detected: False cancel

Alibaba
result: TrojanPSW:MSIL/Kryptik.cf0943ae
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D20233A2
update: 20200513
version: 1.0.0.875
detected: True check_circle

Cylance
result: Unsafe
update: 20200513
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20200512
version: 4.0.2
detected: True check_circle

FireEye
result: Generic.mg.89b27bc015def35b
update: 20200508
version: 32.31.0.0
detected: True check_circle

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True check_circle

TACHYON
update: 20200513
version: 2020-05-13.03
detected: False cancel

Tencent
result: Msil.Trojan-qqpass.Qqrob.Eddy
update: 20200513
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20200513
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200513
version: 1.0.0.403
detected: False cancel

eGambit
result: Unsafe.AI_Score_92%
update: 20200513
detected: True check_circle

Ad-Aware
result: Trojan.GenericKD.33698722
update: 20200513
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.MSIL.Agensla.i!c
update: 20200513
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.33698722 (B)
update: 20200513
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/AD.Nanocore.jlejb
update: 20200513
version: 12.0.86.52
detected: True check_circle

Fortinet
result: MSIL/Agensla.VOK!tr.pws
update: 20200513
version: 6.2.142.0
detected: True check_circle

Invincea
result: heuristic
update: 20200502
version: 6.3.6.26157
detected: True check_circle

Jiangmin
update: 20200513
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200513
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200513
version: 1.0
detected: True check_circle

Symantec
result: ML.Attribute.HighConfidence
update: 20200513
version: 1.11.0.0
detected: True check_circle

Trapmine
update: 20200505
version: 3.2.25.947
detected: False cancel

AhnLab-V3
result: Trojan/Win32.Kryptik.R333655
update: 20200513
version: 3.17.6.27456
detected: True check_circle

Antiy-AVL
result: Trojan[PSW]/MSIL.Agensla
update: 20200513
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200513
version: 15.0.1.13
detected: True check_circle

MaxSecure
update: 20200512
version: 1.0.0.1
detected: False cancel

Microsoft
result: Trojan:Win32/Occamy.C
update: 20200513
version: 1.1.17000.7
detected: True check_circle

Qihoo-360
result: Generic/Trojan.PSW.374
update: 20200513
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200513
version: 1.0
detected: True check_circle

Cybereason
result: malicious.f1568e
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Kryptik.VOK
update: 20200513
version: 21319
detected: True check_circle

TrendMicro
result: TROJ_GEN.R023C0PDQ20
update: 20200513
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.GenericKD.33698722
update: 20200513
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_60% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 0056519f1 )
update: 20200513
version: 11.108.34079
detected: True check_circle

SentinelOne
update: 20200505
version: 2.2.0.96
detected: False cancel

Avast-Mobile
update: 20200513
version: 200513-00
detected: False cancel

Malwarebytes
result: Spyware.AgentTesla.bit
update: 20200513
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200513
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojanpws.Msil
update: 20200513
version: 14.00
detected: True check_circle

NANO-Antivirus
update: 20200513
version: 1.0.134.25112
detected: False cancel

BitDefenderTheta
result: Gen:NN.ZemsilF.34108.Um0@a4fOBUc
update: 20200428
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.33698722
update: 20200513
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200508
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: GenericRXKG-HB!89B27BC015DE
update: 20200513
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.R023C0PDQ20
update: 20200513
version: 10.0.0.1040
detected: True check_circle

total
73
sha256
59c82acc7c45e2b07694688f1d2b4a0ed9356b3e645486bf46b4ccbfb240f475
scan_id
59c82acc7c45e2b07694688f1d2b4a0ed9356b3e645486bf46b4ccbfb240f475-1589368461
resource
89b27bc015def35be1bf6497833701fa
positives
53
scan_date
2020-05-13 11:14:21
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:43.918Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 20:45:43.918Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:43.918Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 20:45:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:43.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:44.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:44.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:44.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:44.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:44.200Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.340Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.340Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:44.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:45.934Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:46.168Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:46.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:46.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:46.825Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:46.918Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:46.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.200Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:45:47.293Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:45:47.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:47.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:47.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:47.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:47.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:47.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:47.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:47.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:47.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:47.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:47.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:47.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:47.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:48.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:48.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:48.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:48.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:48.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:48.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:48.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:48.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:48.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:48.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
24/6/2020 - 20:45:49.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
24/6/2020 - 20:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 20:45:49.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 20:45:49.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 20:45:49.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 20:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.418Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 20:46:10.418Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 20:46:10.559Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
24/6/2020 - 20:46:10.606Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 20:46:10.606Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 20:46:10.606Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 20:46:10.747Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
24/6/2020 - 20:46:10.840Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 20:46:10.840Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 20:46:10.840Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 20:46:10.934Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 20:46:11.28Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
24/6/2020 - 20:46:11.28Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 20:46:11.28Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 20:46:11.28Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 20:46:11.356Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
24/6/2020 - 20:46:11.543Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 20:46:11.543Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 20:46:11.543Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 20:46:11.637Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
24/6/2020 - 20:46:11.637Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 20:46:11.637Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 20:46:11.637Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 20:46:11.731Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
24/6/2020 - 20:46:11.731Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 20:46:11.731Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 20:46:11.731Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 20:46:11.825Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
24/6/2020 - 20:46:11.825Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 20:46:11.825Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 20:46:11.825Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 20:46:11.825Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
24/6/2020 - 20:46:11.825Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 20:46:11.825Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 20:46:11.825Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 20:46:11.965Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
24/6/2020 - 20:46:12.59Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 20:46:12.59Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 20:46:12.59Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 20:46:12.106Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
24/6/2020 - 20:46:12.106Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 20:46:12.106Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 20:46:12.106Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 20:46:12.247Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
24/6/2020 - 20:46:12.340Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 20:46:12.340Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 20:46:12.340Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 20:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
24/6/2020 - 20:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 20:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 20:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 20:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
24/6/2020 - 20:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 20:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 20:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 20:46:12.622Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
24/6/2020 - 20:46:12.622Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 20:46:12.622Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 20:46:12.622Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 20:46:12.715Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
24/6/2020 - 20:46:12.715Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 20:46:12.715Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 20:46:12.715Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 20:46:12.809Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
24/6/2020 - 20:46:12.809Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 20:46:12.809Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 20:46:12.809Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 20:46:12.950Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
24/6/2020 - 20:46:12.950Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 20:46:12.950Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 20:46:12.950Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 20:46:13.90Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
24/6/2020 - 20:46:13.90Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 20:46:13.90Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 20:46:13.90Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 20:46:13.137Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
24/6/2020 - 20:46:13.137Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 20:46:13.137Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 20:46:13.137Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 20:46:13.184Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
24/6/2020 - 20:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 20:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 20:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 20:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
24/6/2020 - 20:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 20:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 20:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 20:46:13.372Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
24/6/2020 - 20:46:13.372Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 20:46:13.372Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 20:46:13.372Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 20:46:13.465Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
24/6/2020 - 20:46:13.465Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 20:46:13.465Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 20:46:13.465Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 20:46:13.559Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
24/6/2020 - 20:46:13.559Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 20:46:13.559Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 20:46:13.559Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 20:46:13.653Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
24/6/2020 - 20:46:13.653Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 20:46:13.653Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 20:46:13.653Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 20:46:13.747Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
24/6/2020 - 20:46:13.747Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 20:46:13.747Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 20:46:13.747Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 20:46:13.840Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
24/6/2020 - 20:46:13.840Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 20:46:13.840Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 20:46:13.840Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 20:46:13.934Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
24/6/2020 - 20:46:13.934Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 20:46:13.934Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 20:46:13.934Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 20:46:14.28Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
24/6/2020 - 20:46:14.28Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 20:46:14.28Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 20:46:14.28Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 20:46:14.122Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
24/6/2020 - 20:46:14.122Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 20:46:14.122Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 20:46:14.122Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 20:46:14.215Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
24/6/2020 - 20:46:14.215Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 20:46:14.215Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 20:46:14.215Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 20:46:14.309Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
24/6/2020 - 20:46:14.309Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 20:46:14.309Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 20:46:14.309Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 20:46:14.403Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
24/6/2020 - 20:46:14.403Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 20:46:14.403Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 20:46:14.403Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 20:46:14.543Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
24/6/2020 - 20:46:14.590Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 20:46:14.590Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 20:46:14.590Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 20:46:14.731Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
24/6/2020 - 20:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 20:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 20:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 20:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
24/6/2020 - 20:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 20:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 20:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 20:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
24/6/2020 - 20:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 20:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 20:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 20:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
24/6/2020 - 20:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 20:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 20:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 20:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
24/6/2020 - 20:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 20:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 20:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 20:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
24/6/2020 - 20:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 20:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 20:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 20:46:15.340Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
24/6/2020 - 20:46:15.340Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 20:46:15.340Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 20:46:15.340Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 20:46:15.434Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
24/6/2020 - 20:46:15.434Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 20:46:15.434Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 20:46:15.434Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 20:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
24/6/2020 - 20:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 20:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 20:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 20:46:15.668Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
24/6/2020 - 20:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 20:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 20:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 20:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
24/6/2020 - 20:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 20:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 20:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 20:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
24/6/2020 - 20:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 20:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 20:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 20:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
24/6/2020 - 20:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 20:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 20:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 20:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
24/6/2020 - 20:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 20:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 20:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 20:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
24/6/2020 - 20:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 20:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 20:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 20:46:16.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
24/6/2020 - 20:46:16.184Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 20:46:16.184Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 20:46:16.184Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 20:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
24/6/2020 - 20:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 20:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 20:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 20:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
24/6/2020 - 20:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 20:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 20:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\script.fon
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\script.fon
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\script.fon
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 20:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 20:46:16.559Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
24/6/2020 - 20:46:16.559Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 20:46:16.559Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 20:46:16.559Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 20:46:16.700Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
24/6/2020 - 20:46:16.887Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 20:46:16.887Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 20:46:16.887Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 20:46:16.981Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
24/6/2020 - 20:46:16.981Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 20:46:16.981Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 20:46:16.981Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 20:46:17.75Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
24/6/2020 - 20:46:17.75Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 20:46:17.75Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 20:46:17.75Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 20:46:17.168Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
24/6/2020 - 20:46:17.168Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 20:46:17.168Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 20:46:17.168Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 20:46:17.309Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
24/6/2020 - 20:46:17.450Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 20:46:17.450Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 20:46:17.450Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 20:46:17.590Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
24/6/2020 - 20:46:17.731Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 20:46:17.731Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 20:46:17.731Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 20:46:17.825Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
24/6/2020 - 20:46:17.825Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 20:46:17.825Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 20:46:17.825Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 20:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
24/6/2020 - 20:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 20:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 20:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 20:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
24/6/2020 - 20:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 20:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 20:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 20:46:18.106Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
24/6/2020 - 20:46:18.106Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 20:46:18.106Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 20:46:18.106Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 20:46:18.200Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
24/6/2020 - 20:46:18.200Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 20:46:18.200Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 20:46:18.200Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 20:46:18.293Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
24/6/2020 - 20:46:18.293Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 20:46:18.293Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 20:46:18.293Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 20:46:18.387Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
24/6/2020 - 20:46:18.387Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 20:46:18.387Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 20:46:18.387Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 20:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
24/6/2020 - 20:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 20:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 20:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 20:46:18.575Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
24/6/2020 - 20:46:18.575Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 20:46:18.575Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 20:46:18.575Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 20:46:18.668Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
24/6/2020 - 20:46:18.668Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 20:46:18.668Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 20:46:18.668Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 20:46:18.762Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
24/6/2020 - 20:46:18.762Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 20:46:18.762Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 20:46:18.762Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 20:46:18.856Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
24/6/2020 - 20:46:18.856Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 20:46:18.856Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 20:46:18.856Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 20:46:19.137Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
24/6/2020 - 20:46:19.231Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 20:46:19.231Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 20:46:19.231Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 20:46:19.512Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
24/6/2020 - 20:46:19.606Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 20:46:19.606Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 20:46:19.606Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 20:46:19.887Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
24/6/2020 - 20:46:19.981Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 20:46:19.981Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 20:46:19.981Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 20:46:20.75Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
24/6/2020 - 20:46:20.75Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 20:46:20.75Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 20:46:20.75Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 20:46:20.168Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
24/6/2020 - 20:46:20.168Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 20:46:20.168Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 20:46:20.168Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 20:46:20.262Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
24/6/2020 - 20:46:20.262Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
24/6/2020 - 20:46:20.262Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
24/6/2020 - 20:46:20.262Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
24/6/2020 - 20:46:20.356Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
24/6/2020 - 20:46:20.356Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
24/6/2020 - 20:46:20.356Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
24/6/2020 - 20:46:20.356Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
24/6/2020 - 20:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
24/6/2020 - 20:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
24/6/2020 - 20:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
24/6/2020 - 20:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
24/6/2020 - 20:46:20.543Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
24/6/2020 - 20:46:20.543Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
24/6/2020 - 20:46:20.543Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
24/6/2020 - 20:46:20.543Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
24/6/2020 - 20:46:20.637Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
24/6/2020 - 20:46:20.637Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
24/6/2020 - 20:46:20.637Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
24/6/2020 - 20:46:20.637Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
24/6/2020 - 20:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
24/6/2020 - 20:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
24/6/2020 - 20:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
24/6/2020 - 20:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
24/6/2020 - 20:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
24/6/2020 - 20:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
24/6/2020 - 20:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
24/6/2020 - 20:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
24/6/2020 - 20:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
24/6/2020 - 20:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
24/6/2020 - 20:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
24/6/2020 - 20:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
24/6/2020 - 20:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
24/6/2020 - 20:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
24/6/2020 - 20:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
24/6/2020 - 20:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
24/6/2020 - 20:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
24/6/2020 - 20:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
24/6/2020 - 20:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
24/6/2020 - 20:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
24/6/2020 - 20:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
24/6/2020 - 20:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
24/6/2020 - 20:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
24/6/2020 - 20:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
24/6/2020 - 20:46:37.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:37.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:37.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:37.293Open1480C:\malware.exeC:\dwmapi.dll
24/6/2020 - 20:46:37.293Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 20:46:37.293Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 20:46:37.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:37.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:37.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:37.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:37.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:37.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:37.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:37.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:37.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:37.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:37.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:37.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:37.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:37.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:37.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:37.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.653Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:38.653Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
24/6/2020 - 20:46:38.653Open1480C:\malware.exeC:\bcrypt.dll
24/6/2020 - 20:46:38.653Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 20:46:38.653Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 20:46:38.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\CRYPTSP.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:38.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:38.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:39.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.559Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:40.559Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
24/6/2020 - 20:46:40.700Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
24/6/2020 - 20:46:40.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:40.981Open1480C:\malware.exeC:\malware.config
24/6/2020 - 20:46:40.981Open1480C:\malware.exeC:\pt-BR\uJTlW.resources.dll
24/6/2020 - 20:46:40.981Open1480C:\malware.exeC:\pt-BR\uJTlW.resources\uJTlW.resources.dll
24/6/2020 - 20:46:40.981Open1480C:\malware.exeC:\pt-BR\uJTlW.resources.exe
24/6/2020 - 20:46:40.981Open1480C:\malware.exeC:\pt-BR\uJTlW.resources\uJTlW.resources.exe
24/6/2020 - 20:46:41.28Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 20:46:41.28Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:41.215Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:41.215Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:41.215Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\pt\uJTlW.resources.dll
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\pt\uJTlW.resources\uJTlW.resources.dll
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\pt\uJTlW.resources.exe
24/6/2020 - 20:46:41.215Open1480C:\malware.exeC:\pt\uJTlW.resources\uJTlW.resources.exe
24/6/2020 - 20:46:41.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:41.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:41.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:41.231Open1480C:\malware.exeC:\WindowsCodecs.dll
24/6/2020 - 20:46:41.231Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
24/6/2020 - 20:46:41.231Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
24/6/2020 - 20:46:41.231Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
24/6/2020 - 20:46:41.231Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
24/6/2020 - 20:46:41.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:41.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:41.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:41.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:42.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:42.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:42.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:42.231Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:42.231Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:42.372Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:42.372Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:42.418Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.418Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:42.418Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.465Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.559Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.606Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.653Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.700Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.793Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:42.793Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:42.793Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.840Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:42.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:42.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:42.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:42.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:43.28Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
24/6/2020 - 20:46:43.28Open1480C:\malware.exeC:\VERSION.dll
24/6/2020 - 20:46:43.28Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 20:46:43.28Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 20:46:43.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:43.28Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:43.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:43.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:43.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:43.75Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:43.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:43.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:44.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:44.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:44.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.325Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.dll
24/6/2020 - 20:46:45.325Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
24/6/2020 - 20:46:45.325Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.exe
24/6/2020 - 20:46:45.325Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
24/6/2020 - 20:46:45.325Open1480C:\malware.exeC:\pt\ReZer0V2.resources.dll
24/6/2020 - 20:46:45.325Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.dll
24/6/2020 - 20:46:45.325Open1480C:\malware.exeC:\pt\ReZer0V2.resources.exe
24/6/2020 - 20:46:45.325Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.exe
24/6/2020 - 20:46:45.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.418Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:45.465Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:45.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.559Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:45.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.653Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:45.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:45.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:46.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:46.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:46.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:46.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:46.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:46.309Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
24/6/2020 - 20:46:46.356Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:46.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:46.450Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:46.450Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:46.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:46.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.590Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.637Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.684Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.778Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:46.778Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:46.778Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:46.778Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:46.778Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.778Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:46.778Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.778Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.778Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:46.872Open1480C:\malware.exeC:\shfolder.dll
24/6/2020 - 20:46:46.872Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 20:46:46.872Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 20:46:46.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exe
24/6/2020 - 20:46:46.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:46.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.575Open1480C:\malware.exeC:\ntmarta.dll
24/6/2020 - 20:46:47.575Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
24/6/2020 - 20:46:47.575Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
24/6/2020 - 20:46:47.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exe
24/6/2020 - 20:46:47.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exe
24/6/2020 - 20:46:47.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.762Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:47.809Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:47.809Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:47.809Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:47.856Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:47.856Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exe
24/6/2020 - 20:46:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:47.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:48.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:48.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:48.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exe
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:48.325Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:48.325Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\BxwGscCCGddcW.exeBxwGscCCGddcW.exe
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 20:46:48.325Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpD3.tmp
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpD3.tmp
24/6/2020 - 20:46:48.325Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpD3.tmp
24/6/2020 - 20:46:48.325Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpD3.tmp
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\Monitor
24/6/2020 - 20:46:48.325Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\PROPSYS.dll
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 20:46:48.325Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 20:46:48.340Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
24/6/2020 - 20:46:48.340Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\apphelp.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.340Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\
24/6/2020 - 20:46:48.340Unknown1480C:\malware.exeC:\
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:48.340Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.340Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.340Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.340Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.356Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.356Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.356Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.356Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.356Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.418Unknown1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.418Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
24/6/2020 - 20:46:48.418Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
24/6/2020 - 20:46:48.418Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
24/6/2020 - 20:46:48.418Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
24/6/2020 - 20:46:48.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 20:46:48.418Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:48.418Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 20:46:48.418Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 20:46:48.418Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Monitor\schtasks.exe
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\
24/6/2020 - 20:46:48.434Unknown1480C:\malware.exeC:\
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:48.434Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.434Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
24/6/2020 - 20:46:48.434Read1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\System32\propsys.dll
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\System32\propsys.dll
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
24/6/2020 - 20:46:48.434Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Secur32.dll
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 20:46:48.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\
24/6/2020 - 20:46:48.450Unknown1480C:\malware.exeC:\
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:48.450Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:48.450Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 20:46:48.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[1].XML
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
24/6/2020 - 20:46:49.981Read2100C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
24/6/2020 - 20:46:49.981Read2100C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\Temp
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8
24/6/2020 - 20:46:49.981Read2100C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 20:46:49.981Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exe\Device\HarddiskVolume2
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\System32\wow64log.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Monitor
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:49.981Unknown2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:49.981Open2100C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\Windows
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:49.997Unknown2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:49.997Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:49.997Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:49.997Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:49.997Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:49.997Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:46:49.997Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
24/6/2020 - 20:46:50.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
24/6/2020 - 20:46:50.12Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1115234
24/6/2020 - 20:46:50.12Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1115234
24/6/2020 - 20:46:50.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1115234
24/6/2020 - 20:46:50.12Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 20:46:50.12Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:50.12Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Monitor
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\Monitor
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:50.12Unknown2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 20:46:50.12Open2100C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 20:46:50.28Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:50.28Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 20:46:50.28Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:50.28Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:50.28Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 20:46:50.28Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 20:46:50.28Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 20:46:50.28Open2100C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:50.28Open2100C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\malware.config
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\pubpol4.dat
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:50.43Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:50.43Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:50.43Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:50.43Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:50.43Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:50.43Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:50.43Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
24/6/2020 - 20:46:50.59Open2100C:\malware.exeC:\VERSION.dll
24/6/2020 - 20:46:50.59Open2100C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 20:46:50.59Open2100C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 20:46:50.59Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:50.59Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.59Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.59Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.59Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:50.59Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:50.59Open2100C:\malware.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 20:46:50.59Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.122Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.168Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.215Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.262Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.309Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.356Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.403Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.450Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
24/6/2020 - 20:46:50.450Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
24/6/2020 - 20:46:50.450Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 20:46:50.450Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.450Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:50.450Open2100C:\malware.exeC:\dwmapi.dll
24/6/2020 - 20:46:50.450Open2100C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 20:46:50.450Open2100C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 20:46:50.450Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:53.559Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.606Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.653Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.700Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.747Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.793Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.840Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.887Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.934Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.981Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.28Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
24/6/2020 - 20:46:54.28Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.75Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.122Open2100C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 20:46:54.122Open2100C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 20:46:54.122Open2100C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 20:46:54.122Open2100C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 20:46:54.122Open2100C:\malware.exeC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 20:46:54.122Open2100C:\malware.exeC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 20:46:54.122Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
24/6/2020 - 20:46:54.215Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.215Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
24/6/2020 - 20:46:54.215Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.262Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.309Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.356Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.403Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.450Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.497Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.543Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:54.637Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:54.637Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.684Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.684Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.731Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.778Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
24/6/2020 - 20:46:54.778Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.778Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
24/6/2020 - 20:46:54.778Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.825Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.872Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.918Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:54.965Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:55.12Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 20:46:55.106Unknown2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.106Open2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 20:46:55.106Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.153Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.200Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.247Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.293Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.340Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.387Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.434Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.481Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.528Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.575Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.622Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.668Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.715Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.762Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.809Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.856Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.903Open2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:55.950Unknown2100C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:55.950Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.997Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.43Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.90Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.137Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.184Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.231Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.278Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:56.325Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:56.325Unknown2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.325Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:56.325Unknown2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.325Open2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:56.325Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.372Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.418Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.465Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.512Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.559Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.606Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.606Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.653Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.700Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.700Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.700Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.700Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.700Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.700Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.700Read2100C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:56.700Open2100C:\malware.exeC:\malware.config
24/6/2020 - 20:46:56.700Open2100C:\malware.exeC:\malware.config
24/6/2020 - 20:46:56.700Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:56.747Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:56.793Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:56.840Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:56.887Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:56.934Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:56.981Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:57.28Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:57.75Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:57.122Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.168Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.215Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.262Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.309Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.356Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.403Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.450Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.497Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:57.543Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.590Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.637Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.684Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.731Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.778Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.825Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.872Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.918Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:57.965Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:58.12Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:58.59Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:58.106Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:58.153Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:58.153Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:58.153Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\dnsapi.dll
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\dnsapi.dll
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\IPHLPAPI.DLL
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\WINNSI.DLL
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 20:46:58.153Open2100C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 20:47:22.278Open2100C:\malware.exeC:\rasadhlp.dll
24/6/2020 - 20:47:22.278Open2100C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
24/6/2020 - 20:47:22.278Open2100C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
24/6/2020 - 20:47:23.387Open2100C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 20:47:23.387Open2100C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 20:47:23.434Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:23.434Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:23.434Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:23.434Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:23.434Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:23.434Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:42.262Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:42.309Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:47:42.590Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:42.637Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:42.684Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:42.731Read2100C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:48:29.293Open2100C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui

Process
Trace
24/6/2020 - 20:46:48.450 | Create | 1480 | C:\malware.exe | 2424 | C:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 20:46:49.747 | Terminate | 1480 | C:\malware.exe | 2424 | C:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 20:46:49.840 | Create | 1480 | C:\malware.exe | 2100 | C:\malware.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
24/6/2020 - 20:45:50.809 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\GDIPlus | FontCachePath
24/6/2020 - 20:46:48.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 20:46:48.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 20:46:48.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 20:46:48.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 20:46:48.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 20:46:48.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 20:46:48.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 20:46:48.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 20:46:52.684 | Write | 2100 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run | UPNP Manager

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> 8.8.4.4:DNS | donko.publicvm.com.
localhost -> gateway:50043 | donko.publicvm.com.
localhost -> gateway:59829 | dns.msftncsi.com.
localhost -> 8.8.8.8:DNS | donko.publicvm.com.
localhost -> gateway:DNS | donko.publicvm.com.
localhost -> gateway:49551 | dns.msftncsi.com.
localhost -> gateway:DNS | dns.msftncsi.com.

Response
gateway:DNS -> localhost | donko.publicvm.com. | 181.214.6.69
gateway:DNS -> localhost | dns.msftncsi.com. | 131.107.255.255


TCP
Info
localhost:65196 -> 185.140.53.7:1818
localhost:65192 -> 181.214.6.69:1818
localhost:65191 -> 181.214.6.69:1818
185.140.53.7:1818 -> localhost:65196
localhost:65194 -> 185.140.53.7:1818
localhost:65193 -> 181.214.6.69:1818
185.140.53.7:1818 -> localhost:65195
185.140.53.7:1818 -> localhost:65194
localhost:65195 -> 185.140.53.7:1818

UDP
Info
localhost:49551 -> localhost:53
localhost:54285 -> 8.8.4.4:53
localhost:53 -> localhost:59829
localhost:51595 -> 8.8.8.8:53
localhost:53 -> localhost:49551
localhost:49222 -> 8.8.8.8:53
localhost:58036 -> 8.8.8.8:53
localhost:53 -> localhost:50043
localhost:50273 -> 8.8.8.8:53
localhost:56655 -> 8.8.4.4:53
localhost:50043 -> localhost:53
localhost:55394 -> 8.8.4.4:53
localhost:59829 -> localhost:53

HTTP
Info

Summary
DNS
True

TCP
True

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 69.30%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 86.05%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 63.16%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.16%
suspicious: True
