Report #10858

Binary
DLL
False
Size
457.00KB
trid
55.8% Generic CIL Executable
21.0% Win64 Executable
9.9% Windows screen saver
5.0% Win32 Dynamic Link Library
3.4% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
052b59dc9ed3a1e410580bd0e6056b73
sha1
c4c9ff0c33fc18192409ecdc5c93e40228b2d687
crc32
0x661f39ef
sha224
15052f52b345a064446f9c09a03c71ab8f986a81e88c44559f61226d
sha256
17bf4172650d0fbc833533880e7ed702fef86180f55c5a51d1f93d3c55f1577f
sha384
7e18f5a3c68ebcae1f57f779874d02e704c10f4def4ae0cb3ee4b844d008707c79a4025215eb477bacbb6c252860fd57
sha512
3f766271808ba314759fa91297e090913513ced65cf13ff35e90ad869a959a30528a9ad1203fff4ed6694136a3e06a4bb861ec9015cb5e0720baf6c7033e8626
ssdeep
12288:lCkjR0e/p+lCAcBc/QUtkR445m4rOJy4BoB:lfR0e/p+cJU44aruy4Bo
Community
Google
False
HashLib
False
YARA
Matches
domain, Big_Numbers3, contentis_base64, NETexecutableMicrosoft, IsNET_EXE, IsPacked, IP, IsPE32, IsWindowsGUI

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 457 KB, 126.png, 597 B, 127.png, 534 B, 129.png, 779 B, 131.png, 779 B, 132.png, 384 B, 134.png, 384 B, 135.png, 717 B, 136.png, 717 B, 138.png, 716 B, 140.png, 588 B, 141.png, 588 B, 143.png, 671 B, 144.png, 671 B, 146.png, 522 B, 147.png, 676 B, 149.png, 676 B, 151.png, 827 B, 152.png, 539 B, 155.png, 366 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: CoreModel.dll, mscoree.dll
hasFiles: True
Suspicious: levels.txt
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2048
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 48.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 472970
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious: coremodel.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2020-06-22 00:13:40
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches
454715
Suspicious
True
Disassembly
hasTricks
True
Tricks
pushret
.text: 240

pushpopmath
.text: 124

ss register
.text: 2

garbagebytes
.text: 67

hookdetection
.text: 9

software breakpoint
.text: 5

fakeconditionaljumps
.text: 5

programcontrolflowchange
.text: 62

cpuinstructionsresultscomparison
.text: 9

AVclass
ymacco
1
VirusTotal
md5
052b59dc9ed3a1e410580bd0e6056b73
sha1
c4c9ff0c33fc18192409ecdc5c93e40228b2d687
SCANS (DETECTION RATE = 76.39%)
AVG
result: Win32:MalwareX-gen [Trj]
update: 20200706
version: 18.4.3895.0
detected: True

CMC
update: 20200706
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=84)
update: 20200706
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200704
version: 6.44
detected: True

Bkav
update: 20200706
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 005608181 )
update: 20200706
version: 11.120.34604
detected: True

ALYac
result: Trojan.GenericKD.43373146
update: 20200706
version: 1.1.1.5
detected: True

Avast
result: Win32:MalwareX-gen [Trj]
update: 20200706
version: 18.4.3895.0
detected: True

Avira
result: TR/Kryptik.sbdzc
update: 20200706
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 85)
update: 20200706
version: 4.0.0.24
detected: True

Cyren
result: W32/MSIL_Agent.BLB.gen!Eldorado
update: 20200706
version: 6.3.0.2
detected: True

DrWeb
result: Trojan.PackedNET.342
update: 20200706
version: 7.0.46.3050
detected: True

GData
result: Trojan.GenericKD.43373146
update: 20200706
version: A:25.26143B:27.19349
detected: True

Panda
result: Trj/GdSda.A
update: 20200706
version: 4.6.4.2
detected: True

VBA32
result: Trojan.PSW
update: 20200706
version: 4.4.1
detected: True

VIPRE
result: Win32.Malware!Drop
update: 20200706
version: 85000
detected: True

Zoner
update: 20200705
version: 0.0.0.0
detected: False

ClamAV
update: 20200706
version: 0.102.3.0
detected: False

Comodo
result: Malware@#3dwmubif96jr
update: 20200706
version: 32602
detected: True

F-Prot
update: 20200706
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.MSIL.Inject
update: 20200706
version: 0.1.5.2
detected: True

McAfee
result: RDN/Generic.dx
update: 20200706
version: 6.0.6.653
detected: True

Rising
result: Spyware.Agent!8.C6 (CLOUD)
update: 20200706
version: 25.0.0.26
detected: True

Sophos
result: Mal/Generic-S
update: 20200706
version: 4.98.0
detected: True

Yandex
result: Trojan.Igent.bTXu8R.8
update: 20200703
version: 5.5.2.24
detected: True

Zillya
result: Trojan.Autorun.Win32.1
update: 20200706
version: 2.0.0.4124
detected: True

Acronis
update: 20200603
version: 1.1.1.76
detected: False

Alibaba
result: TrojanPSW:MSIL/Ymacco.4abbed7c
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D295D25A
update: 20200706
version: 1.0.0.877
detected: True

Cylance
result: Unsafe
update: 20200706
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20200608
version: 4.0.5
detected: True

FireEye
result: Generic.mg.052b59dc9ed3a1e4
update: 20200706
version: 32.31.0.0
detected: True

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True

TACHYON
update: 20200706
version: 2020-07-06.02
detected: False

Tencent
result: Msil.Worm.Autorun.Crj
update: 20200706
version: 1.0.0.1
detected: True

ViRobot
update: 20200706
version: 2014.3.20.0
detected: False

Webroot
result: W32.Trojan.Gen
update: 20200706
version: 1.0.0.403
detected: True

eGambit
result: Unsafe.AI_Score_98%
update: 20200706
detected: True

Ad-Aware
result: Trojan.GenericKD.43373146
update: 20200706
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.MSIL.Agensla.i!c
update: 20200706
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.43373146 (B)
update: 20200706
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/Kryptik.sbdzc
update: 20200706
version: 12.0.86.52
detected: True

Fortinet
result: MSIL/PWS.6B73!tr
update: 20200706
version: 6.2.142.0
detected: True

Invincea
update: 20200502
version: 6.3.6.26157
detected: False

Jiangmin
result: Trojan.PSW.MSIL.agmz
update: 20200706
version: 16.0.100
detected: True

Kingsoft
update: 20200706
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200706
version: 1.0
detected: True

Symantec
result: Trojan Horse
update: 20200706
version: 1.11.0.0
detected: True

Trapmine
result: suspicious.low.ml.score
update: 20200619
version: 3.5.0.987
detected: True

AhnLab-V3
result: Trojan/Win32.AgentTesla.R341326
update: 20200706
version: 3.18.0.10009
detected: True

Antiy-AVL
update: 20200706
version: 3.0.0.1
detected: False

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200706
version: 15.0.1.13
detected: True

Microsoft
result: Trojan:Win32/Ymacco.AA17
update: 20200706
version: 1.1.17200.2
detected: True

Qihoo-360
result: Generic/Trojan.PSW.374
update: 20200706
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200706
version: 1.0
detected: True

Cybereason
result: malicious.c33fc1
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: MSIL/Autorun.Spy.Agent.DF
update: 20200706
version: 21609
detected: True

TrendMicro
result: TROJ_FRS.VSNW17F20
update: 20200706
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.43373146
update: 20200706
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_90% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 005608181 )
update: 20200706
version: 11.120.34608
detected: True

SentinelOne
update: 20200601
version: 4.3.0.105
detected: False

Avast-Mobile
update: 20200705
version: 200705-00
detected: False

Malwarebytes
result: Spyware.AgentTesla
update: 20200706
version: 3.6.4.335
detected: True

TotalDefense
update: 20200706
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojanpws.Msil
update: 20200705
version: 14.00
detected: True

NANO-Antivirus
update: 20200706
version: 1.0.134.25119
detected: False

BitDefenderTheta
result: Gen:NN.ZemsilCO.34130.Cm0@ayvvQyd
update: 20200624
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.43373146
update: 20200706
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200703
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
result: TROJ_FRS.VSNW17F20
update: 20200706
version: 10.0.0.1040
detected: True

total
72
sha256
17bf4172650d0fbc833533880e7ed702fef86180f55c5a51d1f93d3c55f1577f
scan_id
17bf4172650d0fbc833533880e7ed702fef86180f55c5a51d1f93d3c55f1577f-1594048560
resource
052b59dc9ed3a1e410580bd0e6056b73
positives
55
scan_date
2020-07-06 15:16:00
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:48.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:45:48.403Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:48.497Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.637Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.637Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:50.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:50.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:51.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:51.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:45:51.637Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:45:51.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:51.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:51.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:51.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:53.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
10/7/2020 - 17:45:54.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
10/7/2020 - 17:45:54.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:54.168Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:54.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:54.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:54.325Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:14.606Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
10/7/2020 - 17:46:14.606Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
10/7/2020 - 17:46:14.747Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
10/7/2020 - 17:46:14.887Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
10/7/2020 - 17:46:14.887Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
10/7/2020 - 17:46:14.887Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
10/7/2020 - 17:46:15.28Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
10/7/2020 - 17:46:15.168Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:15.168Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:15.168Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:15.168Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:15.168Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
10/7/2020 - 17:46:15.168Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
10/7/2020 - 17:46:15.168Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
10/7/2020 - 17:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
10/7/2020 - 17:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
10/7/2020 - 17:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
10/7/2020 - 17:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
10/7/2020 - 17:46:15.262Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
10/7/2020 - 17:46:15.262Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
10/7/2020 - 17:46:15.262Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
10/7/2020 - 17:46:15.262Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
10/7/2020 - 17:46:15.403Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
10/7/2020 - 17:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
10/7/2020 - 17:46:15.637Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
10/7/2020 - 17:46:15.684Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
10/7/2020 - 17:46:15.684Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
10/7/2020 - 17:46:15.684Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
10/7/2020 - 17:46:15.825Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
10/7/2020 - 17:46:15.918Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:15.918Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:15.918Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:16.12Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:16.106Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:16.106Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
10/7/2020 - 17:46:16.106Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
10/7/2020 - 17:46:16.106Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
10/7/2020 - 17:46:16.434Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
10/7/2020 - 17:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
10/7/2020 - 17:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
10/7/2020 - 17:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
10/7/2020 - 17:46:16.715Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
10/7/2020 - 17:46:16.715Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
10/7/2020 - 17:46:16.715Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
10/7/2020 - 17:46:16.715Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:16.809Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:16.903Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:17.43Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:17.137Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:17.137Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:17.137Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:17.184Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:17.184Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:17.184Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:17.184Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:17.325Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:17.418Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:17.418Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:17.418Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:17.512Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:17.512Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:17.512Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:17.512Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:17.606Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:17.606Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:17.606Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:17.606Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:17.700Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:17.700Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:17.700Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:17.700Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:17.793Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:17.793Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:17.793Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:17.793Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:17.887Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:17.887Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:17.887Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:17.887Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:18.28Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:18.28Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:18.28Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:18.28Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:18.168Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:18.168Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:18.168Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:18.168Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:18.215Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:18.215Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:18.215Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:18.215Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:18.262Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:18.356Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:18.450Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:18.450Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:18.450Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:18.450Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:18.543Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:18.543Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:18.543Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:18.543Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:18.637Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:18.637Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:18.637Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:18.637Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:18.731Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:18.731Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:18.731Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:18.731Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:18.825Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:18.825Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:18.825Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:18.825Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:18.918Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:18.918Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:18.918Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:18.918Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:19.12Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:19.12Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:19.12Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:19.12Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:19.106Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:19.106Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:19.106Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:19.106Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:19.293Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:19.293Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:19.293Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:19.293Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:19.387Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:19.387Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:19.387Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:19.387Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:19.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:19.481Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:19.481Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:19.481Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:19.622Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:19.668Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:19.668Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:19.668Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:19.809Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:19.856Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:19.856Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:19.856Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:19.950Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:19.950Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:19.950Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:19.950Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:20.43Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:20.43Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:20.43Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:20.43Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:20.137Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:20.137Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:20.137Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:20.137Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:20.231Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:20.231Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:20.231Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:20.231Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:20.325Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:20.325Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:20.325Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:20.325Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:20.512Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:20.512Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:20.512Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:20.512Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:20.606Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:20.606Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:20.606Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:20.606Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:20.747Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:20.793Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:20.793Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:20.793Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:20.981Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:20.981Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:20.981Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:20.981Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:21.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:21.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:21.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:21.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:21.168Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:21.168Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:21.168Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:21.168Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:21.637Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:21.637Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:21.637Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:21.637Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:21.778Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:21.965Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:21.965Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:21.965Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:22.59Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:22.59Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:22.59Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:22.59Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:22.153Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:22.153Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:22.153Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:22.153Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:22.247Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:22.247Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:22.247Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:22.247Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:22.528Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:22.528Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:22.528Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:22.668Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:23.184Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:23.184Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:23.184Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:23.184Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:24.590Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:24.965Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:41.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:41.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:41.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:41.965Open1480C:\malware.exeC:\WindowsCodecs.dll
10/7/2020 - 17:46:41.965Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:46:41.965Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 17:46:41.965Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:46:41.965Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 17:46:41.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:42.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:42.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:42.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:42.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:42.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:42.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:42.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:42.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:42.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:42.575Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:46:42.575Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 17:46:42.715Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 17:46:42.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:42.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:42.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.278Open1480C:\malware.exeC:\malware.config
10/7/2020 - 17:46:43.278Open1480C:\malware.exeC:\pt-BR\TqeUYtg.resources.dll
10/7/2020 - 17:46:43.278Open1480C:\malware.exeC:\pt-BR\TqeUYtg.resources\TqeUYtg.resources.dll
10/7/2020 - 17:46:43.278Open1480C:\malware.exeC:\pt-BR\TqeUYtg.resources.exe
10/7/2020 - 17:46:43.278Open1480C:\malware.exeC:\pt-BR\TqeUYtg.resources\TqeUYtg.resources.exe
10/7/2020 - 17:46:43.325Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:46:43.325Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:43.512Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:43.512Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:43.512Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\pt\TqeUYtg.resources.dll
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\pt\TqeUYtg.resources\TqeUYtg.resources.dll
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\pt\TqeUYtg.resources.exe
10/7/2020 - 17:46:43.512Open1480C:\malware.exeC:\pt\TqeUYtg.resources\TqeUYtg.resources.exe
10/7/2020 - 17:46:43.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:43.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:43.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\VERSION.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:43.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:43.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.497Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:44.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:45.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:46.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:46.75Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:46.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:46.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:46.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:46.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:46.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:53.840Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:53.840Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:53.840Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:53.840Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:53.840Unknown2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[5].XML
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:53.856Read2744C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\System32\wow64log.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Monitor
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:53.856Unknown2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/7/2020 - 17:47:53.856Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:53.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\malware.exe.config
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\Windows
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:53.872Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.872Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.872Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.872Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.872Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\malware.exe.config
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
10/7/2020 - 17:47:53.872Open2744C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:53.872Unknown2744C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Monitor
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\Monitor
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.887Unknown2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:53.887Open2744C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:53.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:53.950Unknown2744C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\malware.config
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.950Unknown2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:53.950Unknown2744C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.950Unknown2744C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:53.950Unknown2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:53.950Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:53.950Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:53.981Open2744C:\malware.exeC:\Windows\assembly\pubpol4.dat
10/7/2020 - 17:47:53.981Open2744C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
10/7/2020 - 17:47:53.981Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:53.981Unknown2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.981Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:53.981Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.981Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.981Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.981Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.981Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.981Unknown2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:53.981Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:47:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:54.75Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:54.75Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:47:54.75Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:54.75Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:54.75Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:54.75Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:54.75Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:54.75Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:47:54.75Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:54.75Open2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:47:54.75Unknown2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:54.75Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:54.75Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:54.75Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:54.75Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:54.75Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:54.75Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:54.75Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\CRYPTSP.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\RpcRtRemote.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 17:47:54.75Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 17:47:54.75Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 17:47:54.75Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 17:47:54.137Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:54.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:54.184Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:54.231Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:54.231Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1117171
10/7/2020 - 17:47:54.231Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1117171
10/7/2020 - 17:47:54.231Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1117187
10/7/2020 - 17:47:54.231Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:54.231Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:54.231Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:54.278Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 17:47:54.278Unknown1480C:\malware.exeC:\Monitor
10/7/2020 - 17:47:54.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:54.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:54.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:54.278Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
10/7/2020 - 17:47:54.278Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:54.325Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:54.372Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:54.418Open2744C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:54.418Open2744C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:54.418Unknown2744C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:54.418Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:54.418Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:54.418Unknown2744C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:54.418Open2744C:\malware.exeC:\Windows\Globalization\pt-br.nlp
10/7/2020 - 17:47:54.418Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:54.418Unknown2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:54.418Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:54.418Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:54.418Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:54.418Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:54.418Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:54.418Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:54.418Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:54.418Read2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:54.418Unknown2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:54.418Open2744C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 17:48:41.918Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
10/7/2020 - 17:48:41.918Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
10/7/2020 - 17:48:41.918Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\liebao\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
10/7/2020 - 17:48:41.934Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Torch\User Data
10/7/2020 - 17:48:41.934Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:41.981Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.28Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.75Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.122Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.168Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.215Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.262Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.309Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.356Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.403Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.450Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.497Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.543Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 17:48:42.543Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\Windows\Globalization\en-us.nlp
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\malware.config
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:42.590Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:42.590Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:42.590Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:42.590Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:42.590Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:48:42.590Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:42.590Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:42.590Read2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:42.637Read2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:42.684Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:42.731Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:42.778Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 17:48:42.778Open2744C:\malware.exeC:\Program Files (x86)
10/7/2020 - 17:48:42.778Unknown2744C:\malware.exeC:\Program Files (x86)
10/7/2020 - 17:48:42.778Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.825Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:42.872Open2744C:\malware.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
10/7/2020 - 17:48:42.872Read2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:48:42.918Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:42.965Open2744C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
10/7/2020 - 17:48:42.965Open2744C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
10/7/2020 - 17:48:42.965Open2744C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
10/7/2020 - 17:48:42.965Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:43.12Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
10/7/2020 - 17:48:43.12Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 17:48:43.12Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 17:48:43.12Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 17:48:43.12Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 17:48:43.12Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
10/7/2020 - 17:48:43.12Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 17:48:43.12Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 17:48:43.12Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:48:43.293Unknown2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:48:43.293Unknown2744C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
10/7/2020 - 17:48:43.293Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:43.293Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:43.293Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:43.293Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:43.293Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Monitor
10/7/2020 - 17:48:43.293Unknown2744C:\malware.exeC:\Monitor
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\netsh.exe
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Monitor\netsh.exe
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 17:48:43.293Open2744C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:48:43.309Unknown2744C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\
10/7/2020 - 17:48:43.309Unknown2744C:\malware.exeC:\
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows
10/7/2020 - 17:48:43.309Unknown2744C:\malware.exeC:\Windows
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:48:43.309Unknown2744C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:48:43.309Unknown2744C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 17:48:43.309Read2744C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 17:48:43.309Read2744C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 17:48:43.309Read2744C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 17:48:43.309Open2744C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
10/7/2020 - 17:48:43.309Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:48:43.309Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:43.325Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:43.325Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\Prefetch\NETSH.EXE-CD959116.pf
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64log.dll
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows
10/7/2020 - 17:48:43.372Unknown2880C:\Windows\SysWOW64\netsh.exeC:\Windows
10/7/2020 - 17:48:43.372Open2880C:\Windows\SysWOW64\netsh.exeC:\Monitor
10/7/2020 - 17:48:43.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:48:43.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:48:43.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
10/7/2020 - 17:48:43.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
10/7/2020 - 17:48:43.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 17:48:43.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 17:48:43.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:48:43.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:48:43.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:48:43.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:48:43.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:48:43.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:48:43.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\netsh.exe.mui
10/7/2020 - 17:48:43.590Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
10/7/2020 - 17:48:43.590Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe.Local
10/7/2020 - 17:48:43.590Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:48:43.590Unknown2880C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.Manifest
10/7/2020 - 17:48:43.606Unknown2880C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
10/7/2020 - 17:48:43.606Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
10/7/2020 - 17:48:43.622Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
10/7/2020 - 17:48:43.622Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
10/7/2020 - 17:48:43.622Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
10/7/2020 - 17:48:43.622Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
10/7/2020 - 17:48:43.622Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
10/7/2020 - 17:48:43.622Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
10/7/2020 - 17:48:43.622Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
10/7/2020 - 17:48:43.622Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
10/7/2020 - 17:48:43.622Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
10/7/2020 - 17:48:43.637Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL
10/7/2020 - 17:48:43.637Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL.DLL
10/7/2020 - 17:48:43.637Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL
10/7/2020 - 17:48:43.637Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL.DLL
10/7/2020 - 17:48:43.637Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
10/7/2020 - 17:48:43.637Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
10/7/2020 - 17:48:43.637Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
10/7/2020 - 17:48:43.700Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
10/7/2020 - 17:48:44.122Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
10/7/2020 - 17:48:44.168Unknown2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
10/7/2020 - 17:48:44.168Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
10/7/2020 - 17:48:44.168Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
10/7/2020 - 17:48:44.215Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
10/7/2020 - 17:48:44.262Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
10/7/2020 - 17:48:44.309Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
10/7/2020 - 17:48:44.356Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc.dll
10/7/2020 - 17:48:44.356Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc.dll
10/7/2020 - 17:48:44.356Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
10/7/2020 - 17:48:44.356Unknown2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
10/7/2020 - 17:48:44.356Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
10/7/2020 - 17:48:44.356Unknown2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
10/7/2020 - 17:48:44.356Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
10/7/2020 - 17:48:44.356Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
10/7/2020 - 17:48:44.637Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QUTIL.DLL
10/7/2020 - 17:48:44.637Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QUTIL.DLL
10/7/2020 - 17:48:44.918Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wevtapi.dll
10/7/2020 - 17:48:44.918Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wevtapi.dll
10/7/2020 - 17:48:45.12Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
10/7/2020 - 17:48:45.59Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wshelper.dll
10/7/2020 - 17:48:45.106Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wshelper.dll
10/7/2020 - 17:48:45.293Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ws2help.dll
10/7/2020 - 17:48:45.340Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ws2help.dll
10/7/2020 - 17:48:45.481Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mswsock.dll
10/7/2020 - 17:48:45.481Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mswsock.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:48:45.528Unknown2880C:\Windows\SysWOW64\netsh.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshhttp.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshhttp.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\httpapi.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\httpapi.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\fwcfg.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\fwcfg.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dll
10/7/2020 - 17:48:45.528Unknown2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dll
10/7/2020 - 17:48:45.528Unknown2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.528Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.528Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.543Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.543Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.543Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.543Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.543Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcrypt.dll
10/7/2020 - 17:48:45.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcrypt.dll
10/7/2020 - 17:48:45.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winipsec.dll
10/7/2020 - 17:48:45.543Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winipsec.dll
10/7/2020 - 17:48:45.543Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.590Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.637Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.684Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.731Read2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
10/7/2020 - 17:48:45.778Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ifmon.dll
10/7/2020 - 17:48:45.825Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ifmon.dll
10/7/2020 - 17:48:46.12Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nci.dll
10/7/2020 - 17:48:46.12Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nci.dll
10/7/2020 - 17:48:46.293Open2880C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\devrtl.dll
10/7/2020 - 17:48:55.12Open2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:48:55.59Unknown2744C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:48:55.59Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.106Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.153Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.200Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.247Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.293Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.340Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.387Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.434Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.481Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.528Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.575Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.622Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.668Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.715Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.762Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.809Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.856Read2744C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\Monitor\Folder.lst
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\cftp\Ftplist.txt
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 17:48:55.903Open2744C:\malware.exeC:\FTP Navigator\Ftplist.txt
10/7/2020 - 17:48:55.918Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 17:48:55.918Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 17:48:55.918Open2744C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
10/7/2020 - 17:48:55.918Open2744C:\malware.exeC:\Program Files (x86)\jDownloader\config\database.script

Process
Trace
10/7/2020 - 17:47:53.778 Create 1480 C:\malware.exe 2744 C:\malware.exe
10/7/2020 - 17:48:43.309 Create 2744 C:\malware.exe 2880 C:\Windows\SysWOW64\netsh.exe
10/7/2020 - 17:48:53.59 Terminate 2744 C:\malware.exe 2880 C:\Windows\SysWOW64\netsh.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
10/7/2020 - 17:45:55.622Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath
10/7/2020 - 17:48:52.340Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.340Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.340Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.340Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.340Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-100
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-101
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-103
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-102
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-1
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-2
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.356Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-4
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-3
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-100
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-101
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-102
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-103
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.372Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-100
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-101
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-102
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-103
10/7/2020 - 17:48:52.387Write2880C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 70.01%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 89.95%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 91.08%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 92.13%
suspicious: False