Report #10857

Binary
DLL
False
Size
459.50KB
trid
55.8% Generic CIL Executable
21.0% Win64 Executable
9.9% Windows screen saver
5.0% Win32 Dynamic Link Library
3.4% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
9ec9c4dafd933140c050222c75d77a22
sha1
c48f2dcd8f4efc00977c55aa68de60349d88bf52
crc32
0x5bd18402
sha224
12e3f313a9184e9508b3aa64c8b64289489185b86ae495bab25e77a8
sha256
b31c888c6d36ec26e3c9d3ebd99c56abc17f860d008700e3e7687007bd09cfcf
sha384
2e018b26866ce9046f6c827a6d5b21b14b94ae707101df13d86a1274142f85d2f5af06465f69a3554471759705360b61
sha512
8d5d589827d1b2e9cb790635bf33c17087d486bdf6a8d214568e64fdfc39887714f31d1cbad25908048bd110103561d741529d4a09ac2feee8a4a1e91d85a063
ssdeep
12288:4EuOdfFUCubo8IKKhHqLju7WjGC6zabQTh8:eOJaCGTcqLy7tCBbQC
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, Base64d_PE, IsPE32, Base64_encoded_Executable, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True

Strings
List
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
BlackMetal.Properties
s.MC
p-.gG
1.3.0.0
Jrw.GM
{0}\Logs\{1} Log.txt
16.0.0.0
FLevc.exe
DebugDelegate
0|%/
BlackMetal.Properties.Resources
BlackMetal.Properties.Resources.resources
get_SpellID
op_Addition
o0]%A
get_Mounted
get_Lootable
1i%AW
%AyE~
add_OnDebug
3System.Resources.Tools.StronglyTypedResourceBuilder
%GF?EyP
WriteDelegate
includeMeIfFound
Silenced
%Fiog
eyi%F
MulticastDelegate
PLAYER_FIELD_KILLS
System.Windows.Forms
remove_OnDebug
PLAYER_MASTERY
ITEM_FIELD_RANDOM_PROPERTIES_ID
PLAYER_GUILDDELETE_DATE
ITEM_FIELD_PROPERTY_SEED
UNIT_FIELD_TARGET
InvokeOnDebug
PLAYER_PROFESSION_SKILL_LINE_1
mscoree.dll
PLAYER_SHIELD_BLOCK_CRIT_PERCENTAGE
PLAYER_EXPLORED_ZONES_1
PLAYER_NO_REAGENT_COST_1
PLAYER_SKILL_INFO_1_1
PLAYER_FIELD_COINAGE
set_CurrentManager
get_CurrentManager
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADG
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADM
get_ResourceManager
Events_OnBotShutdown
get_Ghost
PLAYER_SHIELD_BLOCK
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
Type {0} is not currently supported.
add_OnWrite
ObjectManager
get_LogOnWrite
set_LogOnWrite
remove_OnWrite
PLAYER_RANGED_CRIT_PERCENTAGE
set_CheckOnClick
DebuggerBrowsableState
DebuggableAttribute
PLAYER_DODGE_PERCENTAGE
DebuggingModes
PLAYER_FIELD_LIFETIME_HONORBALE_KILLS
WriteDebug
PLAYER_PARRY_PERCENTAGE
PLAYER_CRIT_PERCENTAGE
ReferAFriendLinked
CORPSE_FLAG_HIDE_HELM
OBJECT_FIELD_SCALE_X

Foremost
Matches
0.exe, 459 KB, 126.png, 574 B, 127.png, 511 B, 128.png, 756 B, 130.png, 756 B, 132.png, 361 B, 133.png, 361 B, 134.png, 694 B, 136.png, 694 B, 137.png, 693 B, 139.png, 565 B, 141.png, 565 B, 142.png, 648 B, 144.png, 648 B, 145.png, 499 B, 146.png, 653 B, 148.png, 653 B, 150.png, 804 B, 151.png, 516 B, 154.png, 297 KB, 894.png, 10 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: mscoree.dll
hasFiles: True
Suspicious: System.Xml, {0}\Logs\{1} Log.txt
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 30720
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 48.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 447378
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2020-07-02 20:15:15
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 1
.text: 180

pushpopmath
.rsrc: 2
.text: 222

garbagebytes
.rsrc: 1
.text: 71

hookdetection
.text: 5

software breakpoint
.text: 4

fakeconditionaljumps
.text: 5

programcontrolflowchange
.rsrc: 1
.text: 66

cpuinstructionsresultscomparison
.rsrc: 4
.text: 12

AVclass
None
1
VirusTotal
md5
9ec9c4dafd933140c050222c75d77a22
sha1
c48f2dcd8f4efc00977c55aa68de60349d88bf52
SCANS (DETECTION RATE = 25.00%)
AVG
update: 20200703
version: 18.4.3895.0
detected: False

CMC
update: 20200703
version: 2.7.2019.1
detected: False

MAX
update: 20200703
version: 2019.9.16.1
detected: False

APEX
result: Malicious
update: 20200701
version: 6.43
detected: True

Bkav
update: 20200703
version: 1.3.0.9899
detected: False

K7GW
update: 20200703
version: 11.119.34581
detected: False

ALYac
update: 20200703
version: 1.1.1.5
detected: False

Avast
update: 20200703
version: 18.4.3895.0
detected: False

Avira
update: 20200703
version: 8.3.3.8
detected: False

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
update: 20200628
version: 4.0.0.24
detected: False

Cyren
result: W32/MSIL_Agent.BMD.gen!Eldorado
update: 20200703
version: 6.3.0.2
detected: True

DrWeb
update: 20200703
version: 7.0.46.3050
detected: False

GData
update: 20200703
version: A:25.26102B:27.19308
detected: False

Panda
update: 20200702
version: 4.6.4.2
detected: False

VBA32
update: 20200702
version: 4.4.1
detected: False

VIPRE
update: 20200703
version: 84918
detected: False

Zoner
update: 20200703
version: 0.0.0.0
detected: False

ClamAV
update: 20200702
version: 0.102.3.0
detected: False

Comodo
update: 20200703
version: 32592
detected: False

Rising
result: Trojan.Kryptik!8.8 (CLOUD)
update: 20200703
version: 25.0.0.26
detected: True

Sophos
update: 20200703
version: 4.98.0
detected: False

Yandex
update: 20200630
version: 5.5.2.24
detected: False

Acronis
update: 20200603
version: 1.1.1.76
detected: False

Alibaba
update: 20190527
version: 0.3.0.5
detected: False

Arcabit
update: 20200703
version: 1.0.0.877
detected: False

Cylance
update: 20200703
version: 2.3.1.101
detected: False

Endgame
result: malicious (high confidence)
update: 20200608
version: 4.0.5
detected: True

FireEye
update: 20200703
version: 32.31.0.0
detected: False

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True

TACHYON
update: 20200703
version: 2020-07-03.01
detected: False

Tencent
result: Win32.Trojan.Inject.Auto
update: 20200703
version: 1.0.0.1
detected: True

ViRobot
update: 20200703
version: 2014.3.20.0
detected: False

Webroot
update: 20200703
version: 1.0.0.403
detected: False

eGambit
result: Unsafe.AI_Score_99%
update: 20200703
detected: True

Ad-Aware
update: 20200703
version: 3.0.5.370
detected: False

AegisLab
update: 20200703
version: 4.2
detected: False

Emsisoft
update: 20200703
version: 2018.12.0.1641
detected: False

F-Secure
update: 20200703
version: 12.0.86.52
detected: False

Fortinet
result: MSIL/GenKryptik.ENNT!tr
update: 20200703
version: 6.2.142.0
detected: True

Invincea
result: heuristic
update: 20200502
version: 6.3.6.26157
detected: True

Jiangmin
update: 20200702
version: 16.0.100
detected: False

Kingsoft
update: 20200703
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200703
version: 1.0
detected: True

Symantec
update: 20200703
version: 1.11.0.0
detected: False

Trapmine
update: 20200619
version: 3.5.0.987
detected: False

AhnLab-V3
update: 20200702
version: 3.18.0.10009
detected: False

Antiy-AVL
update: 20200703
version: 3.0.0.1
detected: False

Kaspersky
result: UDS:DangerousObject.Multi.Generic
update: 20200703
version: 15.0.1.13
detected: True

MaxSecure
update: 20200622
version: 1.0.0.1
detected: False

Microsoft
result: Trojan:Win32/Wacatac.C!ml
update: 20200703
version: 1.1.17200.2
detected: True

Qihoo-360
update: 20200703
version: 1.0.0.1120
detected: False

ZoneAlarm
result: UDS:DangerousObject.Multi.Generic
update: 20200703
version: 1.0
detected: True

Cybereason
result: malicious.d8f4ef
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of MSIL/Kryptik.WRQ
update: 20200703
version: 21593
detected: True

TrendMicro
update: 20200703
version: 11.0.0.1006
detected: False

BitDefender
update: 20200703
version: 7.2
detected: False

CrowdStrike
result: win/malicious_confidence_60% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
update: 20200703
version: 11.119.34582
detected: False

SentinelOne
update: 20200601
version: 4.3.0.105
detected: False

Avast-Mobile
update: 20200702
version: 200702-00
detected: False

Malwarebytes
update: 20200703
version: 3.6.4.335
detected: False

CAT-QuickHeal
update: 20200703
version: 14.00
detected: False

NANO-Antivirus
update: 20200703
version: 1.0.134.25119
detected: False

BitDefenderTheta
update: 20200624
version: 7.2.37796.0
detected: False

MicroWorld-eScan
update: 20200703
version: 14.0.409.0
detected: False

SUPERAntiSpyware
update: 20200701
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
result: TROJ_GEN.F0D1C00G320
update: 20200703
version: 10.0.0.1040
detected: True

total
68
sha256
b31c888c6d36ec26e3c9d3ebd99c56abc17f860d008700e3e7687007bd09cfcf
scan_id
b31c888c6d36ec26e3c9d3ebd99c56abc17f860d008700e3e7687007bd09cfcf-1593756583
resource
9ec9c4dafd933140c050222c75d77a22
positives
17
scan_date
2020-07-03 06:09:43
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:47.778Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:45:47.778Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.778Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.997Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.137Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.137Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:49.965Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:49.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:50.715Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:50.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.997Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:45:51.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:45:51.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:51.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:51.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:51.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:51.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:51.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.200Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
10/7/2020 - 17:45:53.200Open1480C:\malware.exeC:\uxtheme.dll
10/7/2020 - 17:45:53.200Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:45:53.200Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:45:53.247Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
10/7/2020 - 17:45:53.293Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:53.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:53.387Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:53.434Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:53.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.543Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:12.75Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
10/7/2020 - 17:46:12.75Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:12.75Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:12.75Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:12.168Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:12.168Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:12.168Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:12.168Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:12.168Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:12.168Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:12.168Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:12.168Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:12.309Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:12.403Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:12.403Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:12.403Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:12.450Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:12.450Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:12.450Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:12.450Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:12.590Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:12.684Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:12.684Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:12.684Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:12.778Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:12.778Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:12.778Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:12.778Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:12.872Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:12.872Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:12.872Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:12.872Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:12.965Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:12.965Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:12.965Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:12.965Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:13.59Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:13.59Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:13.59Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:13.59Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:13.153Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:13.153Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:13.153Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:13.153Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:13.293Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:13.293Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:13.293Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:13.293Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:13.434Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:13.434Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:13.434Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:13.434Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:13.481Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:13.481Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:13.481Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:13.481Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:13.528Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:13.622Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:13.622Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:13.622Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:13.622Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:13.622Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:13.622Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:13.622Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:13.715Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:13.715Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:13.715Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:13.715Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:13.809Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:13.809Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:13.809Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:13.809Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:13.903Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:13.903Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:13.903Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:13.903Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:13.997Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:13.997Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:13.997Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:13.997Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:14.90Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:14.90Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:14.90Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:14.90Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:14.184Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:14.184Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:14.184Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:14.184Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:14.278Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:14.278Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:14.278Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:14.278Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:14.372Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:14.372Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:14.372Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:14.372Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:14.465Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:14.465Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:14.465Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:14.465Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:14.559Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:14.559Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:14.559Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:14.559Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:14.653Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:14.653Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:14.653Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:14.653Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:14.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:14.747Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:14.747Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:14.747Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:14.887Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:14.934Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:14.934Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:14.934Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:15.75Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:15.122Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:15.122Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:15.122Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:15.309Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:15.309Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:15.309Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:15.309Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:15.403Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:15.403Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:15.403Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:15.403Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:15.590Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:15.590Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:15.590Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:15.590Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:15.684Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:15.684Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:15.684Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:15.684Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:15.778Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:15.778Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:15.778Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:15.778Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:15.872Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:15.872Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:15.872Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:15.872Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:16.12Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:16.59Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:16.59Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:16.59Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:16.153Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:16.153Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:16.153Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:16.153Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:16.153Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:16.153Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:16.153Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:16.153Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:16.247Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:16.247Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:16.247Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:16.247Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:16.340Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:16.340Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:16.340Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:16.340Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:16.434Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:16.434Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:16.434Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:16.434Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:16.528Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:16.528Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:16.528Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:16.528Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:16.715Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:16.715Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:16.715Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:16.715Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:17.43Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:17.231Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:17.231Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:17.231Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:17.325Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:17.325Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:17.325Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:17.325Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:17.418Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:17.418Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:17.418Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:17.418Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:17.512Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:17.512Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:17.512Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:17.512Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:17.653Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:17.793Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:17.793Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:17.793Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:17.934Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:18.75Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:18.75Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:18.75Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:18.168Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:18.168Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:18.168Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:18.168Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:18.262Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:18.262Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:18.262Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:18.262Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:18.450Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:18.450Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:18.450Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:18.450Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:18.543Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:18.543Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:18.543Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:18.543Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:18.637Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:18.637Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:18.637Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:18.637Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:18.731Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:18.731Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:18.731Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:18.731Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:18.825Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:18.825Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:18.825Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:18.825Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:18.918Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:18.918Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:18.918Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:18.918Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:19.12Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:19.12Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:19.12Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:19.12Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:19.106Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:19.106Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:19.106Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:19.106Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:19.481Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:19.575Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:19.575Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:19.575Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:19.856Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:19.950Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:19.950Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:19.950Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:20.231Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:20.325Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:20.325Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:20.325Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:20.512Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:20.512Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:20.512Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:20.512Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:20.606Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:20.606Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:20.606Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:20.606Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:20.793Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:20.793Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:20.793Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:20.793Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:20.981Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:20.981Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:20.981Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:20.981Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:21.75Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:21.75Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 17:46:21.75Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 17:46:21.75Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 17:46:21.168Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 17:46:21.168Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 17:46:21.168Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 17:46:21.168Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 17:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 17:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 17:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 17:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 17:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 17:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 17:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 17:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 17:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 17:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 17:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 17:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 17:46:21.637Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 17:46:21.637Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 17:46:21.637Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 17:46:21.637Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 17:46:21.731Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 17:46:21.731Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 17:46:21.731Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 17:46:21.731Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 17:46:21.825Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 17:46:21.825Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 17:46:21.825Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 17:46:21.825Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 17:46:21.918Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 17:46:21.918Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 17:46:21.918Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 17:46:21.918Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 17:46:22.12Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 17:46:22.12Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 17:46:22.12Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 17:46:22.12Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 17:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 17:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 17:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 17:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 17:46:22.200Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 17:46:22.200Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 17:46:22.200Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 17:46:22.200Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 17:46:22.293Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 17:46:22.293Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 17:46:22.293Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 17:46:22.293Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 17:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 17:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 17:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 17:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 17:46:35.965  Open  1480  C:\malware.exe  C:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:35.965  Unknown  1480  C:\malware.exe  C:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT  GDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:35.965  Read  1480  C:\malware.exe  C:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT  GDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:35.965  Read  1480  C:\malware.exe  C:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT  GDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:35.965  Unknown  1480  C:\malware.exe  C:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT  GDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:36.668  Open  1480  C:\malware.exe  C:\Windows\Fonts\StaticCache.dat
10/7/2020 - 17:46:36.668  Read  1480  C:\malware.exe  C:\Windows\Fonts\StaticCache.dat  StaticCache.dat
10/7/2020 - 17:46:36.903  Open  1480  C:\malware.exe  C:\WindowsCodecs.dll
10/7/2020 - 17:46:36.903  Open  1480  C:\malware.exe  C:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:46:36.903  Unknown  1480  C:\malware.exe  C:\Windows\SysWOW64\WindowsCodecs.dll  WindowsCodecs.dll
10/7/2020 - 17:46:36.903  Open  1480  C:\malware.exe  C:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:46:36.903  Unknown  1480  C:\malware.exe  C:\Windows\SysWOW64\WindowsCodecs.dll  WindowsCodecs.dll
10/7/2020 - 17:46:37.184  Unknown  1480  C:\malware.exe  C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:46:37.184  Open  1480  C:\malware.exe  C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 17:46:37.325  Open  1480  C:\malware.exe  C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 17:46:37.840  Open  1480  C:\malware.exe  C:\malware.config
10/7/2020 - 17:46:37.840  Open  1480  C:\malware.exe  C:\pt-BR\FLevc.resources.dll
10/7/2020 - 17:46:37.840  Open  1480  C:\malware.exe  C:\pt-BR\FLevc.resources\FLevc.resources.dll
10/7/2020 - 17:46:37.840  Open  1480  C:\malware.exe  C:\pt-BR\FLevc.resources.exe
10/7/2020 - 17:46:37.840  Open  1480  C:\malware.exe  C:\pt-BR\FLevc.resources\FLevc.resources.exe
10/7/2020 - 17:46:37.887  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:46:37.887  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\malware.exe.Local
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.75  Unknown  1480  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.75  Unknown  1480  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.75  Unknown  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\Windows\Globalization\pt.nlp
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\pt\FLevc.resources.dll
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\pt\FLevc.resources\FLevc.resources.dll
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\pt\FLevc.resources.exe
10/7/2020 - 17:46:38.75  Open  1480  C:\malware.exe  C:\pt\FLevc.resources\FLevc.resources.exe
10/7/2020 - 17:46:38.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.90Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.90Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:38.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:38.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:38.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:38.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:38.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
10/7/2020 - 17:46:38.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:38.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:11.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\CRYPTSP.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:12.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:12.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:14.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:14.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.950Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:15.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:16.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:19.528Unknown876C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:19.528Open876C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[8].XML
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:19.543Read876C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:19.543Read876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:19.543Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.543Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:19.543Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.543Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:19.528Open1496C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[8].XML
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
10/7/2020 - 17:47:19.543Read876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:19.543Read876C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:19.543Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.543Unknown1496C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:19.543Unknown1496C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:19.543Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:19.543Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:19.543Unknown876C:\malware.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows\System32\wow64log.dll
10/7/2020 - 17:47:19.543Open876C:\malware.exeC:\Windows
10/7/2020 - 17:47:19.543Unknown876C:\malware.exeC:\Windows
10/7/2020 - 17:47:19.559Open876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:19.559Open876C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:19.559Open876C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:19.559Open876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:19.559Open876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:19.559Open876C:\malware.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
10/7/2020 - 17:47:19.559Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:19.559Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:19.559Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/7/2020 - 17:47:19.559Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\Globalization
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Globalization
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Globalization
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\System32
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\System32\apisetschema.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:19.559Unknown1496C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:19.559Open1496C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[8].XML
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[8].XML
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/7/2020 - 17:47:19.575Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
10/7/2020 - 17:47:19.575Read1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:19.575Unknown1496C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:33.965Read876C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:47:33.965Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:34.434Unknown876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:47:34.434Unknown876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:34.434Unknown876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:47:34.434Unknown876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:47:34.434Unknown876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:47:34.434Unknown876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:34.434Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:34.434Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:47:34.434Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.450Read876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.450Unknown876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:47:34.450Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:34.450Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:34.450Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:34.450Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:34.450Open876C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\oleaut32.DLL
10/7/2020 - 17:47:35.387Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/7/2020 - 17:47:35.387Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:35.387Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.387Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.434Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.434Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.434Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:35.481Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.481Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.528Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.575Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:35.622Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:35.668Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 17:47:35.715Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:47:35.715Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 17:47:35.715Read876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:47:35.762Read876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:47:35.809Read876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:47:35.856Read876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:47:35.903Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 17:47:35.903Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:47:35.903Open876C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:47:35.903Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:35.903Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:35.903Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:35.903Read876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:47:35.903Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:47:36.90Read876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:36.418Open876C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
10/7/2020 - 17:47:42.200Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:42.200Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:42.200Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:45.278Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:45.372Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:48.465Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:48.465Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:52.637Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:52.637Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
10/7/2020 - 17:47:52.637Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe:Zone.Identifier
10/7/2020 - 17:48:3.950Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:3.997Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:4.43Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:48:4.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.137Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.184Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.231Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.278Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:4.325Open876C:\malware.exeC:\shfolder.dll
10/7/2020 - 17:48:4.325Open876C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 17:48:4.325Open876C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 17:48:4.325Open876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:48:4.325Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:48:4.325Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.372Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:4.434Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:4.481Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\CocCoc\Browser\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\QIP Surf\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Chromium\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Epic Privacy Browser\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Chedot\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Kometa\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Torch\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\liebao\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Iridium\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
10/7/2020 - 17:48:4.590Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
10/7/2020 - 17:48:4.606Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.653Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.700Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.747Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.793Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.840Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.887Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.934Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:4.981Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:5.28Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:5.75Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:5.122Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 17:48:5.122Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:5.168Open876C:\malware.exeC:\Windows\Globalization\en-us.nlp
10/7/2020 - 17:48:5.168Open876C:\malware.exeC:\malware.config
10/7/2020 - 17:48:5.168Open876C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:5.168Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:5.262Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:5.262Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:5.356Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.356Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:5.356Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.403Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.450Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.497Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.543Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.590Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:5.590Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:5.590Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:5.590Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:5.590Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.590Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:5.590Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.590Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.590Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.637Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:5.684Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:5.731Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:5.778Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 17:48:5.778Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:5.825Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:5.872Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:6.153Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:6.200Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:48:6.247Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:48:6.247Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\FTP Navigator\Ftplist.txt
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 17:48:6.247Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 17:48:6.309Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:6.356Open876C:\malware.exeC:\Storage
10/7/2020 - 17:48:6.356Open876C:\malware.exeC:\mail
10/7/2020 - 17:48:6.356Open876C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
10/7/2020 - 17:48:6.356Open876C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
10/7/2020 - 17:48:6.356Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
10/7/2020 - 17:48:6.356Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
10/7/2020 - 17:48:6.356Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:6.403Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
10/7/2020 - 17:48:6.403Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
10/7/2020 - 17:48:6.403Open876C:\malware.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
10/7/2020 - 17:48:6.403Open876C:\malware.exeC:\Program Files (x86)\jDownloader\config\database.script
10/7/2020 - 17:48:6.403Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:6.450Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 17:48:6.450Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 17:48:6.450Open876C:\malware.exeC:\Monitor\Folder.lst
10/7/2020 - 17:48:6.450Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
10/7/2020 - 17:48:6.450Open876C:\malware.exeC:\Program Files (x86)
10/7/2020 - 17:48:6.450Unknown876C:\malware.exeC:\Program Files (x86)
10/7/2020 - 17:48:6.450Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:6.497Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:6.543Open876C:\malware.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
10/7/2020 - 17:48:6.543Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:6.590Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:6.637Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 17:48:6.637Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:6.684Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:6.731Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 17:48:6.731Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 17:48:6.731Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 17:48:6.731Open876C:\malware.exeC:\Users\Behemot\AppData\Local\UCBrowser
10/7/2020 - 17:48:6.731Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 17:48:6.731Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 17:48:6.731Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
10/7/2020 - 17:48:6.731Open876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:6.778Open876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.59Open876C:\malware.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 17:48:7.59Open876C:\malware.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 17:48:7.59Open876C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
10/7/2020 - 17:48:7.106Open876C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
10/7/2020 - 17:48:7.481Open876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:7.481Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:7.528Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
10/7/2020 - 17:48:7.528Open876C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 17:48:7.528Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 17:48:7.575Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 17:48:7.575Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.622Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.622Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.622Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.668Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.715Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.762Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.809Read876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.856Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 17:48:7.856Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 17:48:7.856Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.856Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.856Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.856Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.856Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.856Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 17:48:7.856Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:7.903Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:7.950Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:7.997Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:8.43Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:8.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:8.137Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:8.184Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:8.231Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
10/7/2020 - 17:48:8.231Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:8.278Open876C:\malware.exeC:\vaultcli.dll
10/7/2020 - 17:48:8.278Open876C:\malware.exeC:\vaultcli.dll
10/7/2020 - 17:48:8.278Open876C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
10/7/2020 - 17:48:8.278Open876C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
10/7/2020 - 17:48:9.59Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:9.59Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 17:48:9.59Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
10/7/2020 - 17:48:9.75Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/7/2020 - 17:48:9.90Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Open876C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:48:9.90Unknown876C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.90Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.106Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.153Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:9.200Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
10/7/2020 - 17:48:9.200Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
10/7/2020 - 17:48:9.200Open876C:\malware.exeC:\cftp\Ftplist.txt
10/7/2020 - 17:48:15.372Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:48:15.418Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:48:15.465Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:48:15.512Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:48:15.512Open876C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 17:48:15.512Open876C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 17:48:15.512Open876C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 17:48:15.512Open876C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 17:48:15.559Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:48:15.653Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:48:15.700Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:48:15.747Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:48:15.793Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:15.840Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll

Process
Trace
10/7/2020 - 17:47:19.325 Create 1480 C:\malware.exe 1496 C:\malware.exe
10/7/2020 - 17:47:19.418 Create 1480 C:\malware.exe 876 C:\malware.exe
10/7/2020 - 17:47:19.575 Terminate 1480 C:\malware.exe 1496 C:\malware.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
10/7/2020 - 17:45:53.762 Write 1480 C:\malware.exe HKCU\Software\Microsoft\GDIPlus FontCachePath
10/7/2020 - 17:47:48.512 Write 876 C:\malware.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run newapp

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 70.09%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 61.56%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 50.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 61.63%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.97%
suspicious: True
