Report #10884

  • Creation Date: July 10, 2020, 10:45 p.m.
  • Last Update: July 10, 2020, 10:49 p.m.
  • File: Scan 0007052020.exe
  • Results:
Binary
DLL
False cancel
Size
520.50KB
trid
39.9% Win32 Executable MS Visual C++
35.4% Win64 Executable
8.4% Win32 Dynamic Link Library
5.7% Win32 Executable
2.6% Win16/32 Executable Delphi generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
06d49c3d910b149dc1f89341b0209c7e
sha1
eee501121dd58f5e9e837a346436eedd89719ccf
crc32
0x99b0302
sha224
c50fd434126c98b545f2d73055926b8a2e871f3e48b475f56d19ad41
sha256
03ffe4f20fb755df6d624c00fa8146eb3870b55fa5356d25b50ebfc197f7ade4
sha384
0ee405339438afd6548d586436d4eff124598a1ec2599896ee2e544bb5ca2361db29190a467104e4721f11ee9fd674d8
sha512
e8041f5f462e14e4a004fe353582e90231be9b05a6d6ec7a32ec73602d849db3d1d2f4be1409970144a1dfe1475a16d7b4f2cf9fbe16a86e30754b0675fa92dd
ssdeep
12288:Co+7tdvyZMgSI7GrCJcnJ762gPW3XF+kbsFg:CoCtdAiIzJMJW/
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, anti_dbg, url, Big_Numbers3, contentis_base64, IsNET_EXE, IsPacked, DebuggerCheck__RemoteAPI, IP, IsPE32, IsWindowsGUI

Suspicious
True check_circle

Strings
List

Foremost
Matches
0.exe, 520 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed
Suspicious: 0.1.2.54, 0, Unknown
hasAllowed: False cancel
hasSuspicious: True check_circle

URLs
Allowed: http://www.w3.org/2001/xmlschema
hasURLs: True check_circle
Suspicious: https://www.google.com.br/search?q=snake&oq=snake&aqs=chrome..69i57j69i59j0l4.906j0j7&sourceid=chrome&ie=utf-8, http://tempuri.org/coreset.xsd
hasAllowed: True check_circle
hasSuspicious: True check_circle

Files
Allowed: mscoree.dll, kernel32.dll
hasFiles: True check_circle
Suspicious: System.Xml
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 421376
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: zk, .text, .rsrc, .reloc,
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 48.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 565258
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: mscoree.dll, kernel32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-05-07 01:26:23
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
none: 195
.text: 5

pushpopmath
none: 121
.text: 8

ss register
none: 5

garbagebytes
none: 78
.text: 3

hookdetection
none: 6

software breakpoint
none: 11
.text: 2

fakeconditionaljumps
none: 11

programcontrolflowchange
none: 67
.text: 3

cpuinstructionsresultscomparison
.text: 2

AVclass
noon
1
VirusTotal
md5
06d49c3d910b149dc1f89341b0209c7e
sha1
eee501121dd58f5e9e837a346436eedd89719ccf
SCANS (DETECTION RATE = 73.61%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200513
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=83)
update: 20200513
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200513
version: 6.21
detected: True check_circle

Bkav
update: 20200513
version: 1.3.0.9899
detected: False cancel

K7GW
result: Trojan ( 005663fe1 )
update: 20200513
version: 11.109.34084
detected: True check_circle

ALYac
result: Trojan.Agent.Wacatac
update: 20200513
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:PWSX-gen [Trj]
update: 20200513
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/Kryptik.bjanl
update: 20200513
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/MSIL_Kryptik.ARI.gen!Eldorado
update: 20200513
version: 6.3.0.2
detected: True check_circle

DrWeb
update: 20200513
version: 7.0.46.3050
detected: False cancel

GData
result: Gen:Variant.Razy.552185
update: 20200513
version: A:25.25621B:26.18717
detected: True check_circle

Panda
result: Trj/GdSda.A
update: 20200513
version: 4.6.4.2
detected: True check_circle

VBA32
result: CIL.HeapOverride.Heur
update: 20200513
version: 4.4.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200513
version: 83694
detected: True check_circle

Zoner
update: 20200513
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200513
version: 0.102.3.0
detected: False cancel

Comodo
result: Malware@#2b3x4upum63z6
update: 20200513
version: 32439
detected: True check_circle

F-Prot
result: W32/MSIL_Kryptik.ARI.gen!Eldorado
update: 20200513
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan.MSIL.Inject
update: 20200513
version: 0.1.5.2
detected: True check_circle

McAfee
result: Packed-FJS!06D49C3D910B
update: 20200513
version: 6.0.6.653
detected: True check_circle

Rising
update: 20200513
version: 25.0.0.24
detected: False cancel

Sophos
result: Troj/MSIL-OOX
update: 20200513
version: 4.98.0
detected: True check_circle

Yandex
update: 20200513
version: 5.5.2.24
detected: False cancel

Zillya
update: 20200513
version: 2.0.0.4089
detected: False cancel

Acronis
result: suspicious
update: 20200509
version: 1.1.1.75
detected: True check_circle

Alibaba
result: TrojanPSW:MSIL/Agentesla.b2469912
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Razy.D86CF9
update: 20200513
version: 1.0.0.875
detected: True check_circle

Cylance
result: Unsafe
update: 20200513
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20200512
version: 4.0.2
detected: True check_circle

FireEye
result: Generic.mg.06d49c3d910b149d
update: 20200508
version: 32.31.0.0
detected: True check_circle

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True check_circle

TACHYON
update: 20200513
version: 2020-05-13.03
detected: False cancel

Tencent
result: Win32.Trojan.Inject.Auto
update: 20200513
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20200513
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200513
version: 1.0.0.403
detected: False cancel

eGambit
result: Unsafe.AI_Score_99%
update: 20200513
detected: True check_circle

Ad-Aware
result: Gen:Variant.Razy.552185
update: 20200513
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Multi.Generic.4!c
update: 20200513
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.Crypt (A)
update: 20200513
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/Kryptik.bjanl
update: 20200513
version: 12.0.86.52
detected: True check_circle

Fortinet
result: MSIL/Kryptik.3A7D!tr
update: 20200513
version: 6.2.142.0
detected: True check_circle

Invincea
result: heuristic
update: 20200502
version: 6.3.6.26157
detected: True check_circle

Jiangmin
update: 20200513
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200513
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200513
version: 1.0
detected: True check_circle

Trapmine
update: 20200505
version: 3.2.25.947
detected: False cancel

AhnLab-V3
result: Malware/Win32.RL_Trojanspy.C4090139
update: 20200513
version: 3.17.6.27456
detected: True check_circle

Antiy-AVL
result: Trojan[Spy]/MSIL.Noon
update: 20200513
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Trojan-Spy.MSIL.Noon.gen
update: 20200513
version: 15.0.1.13
detected: True check_circle

MaxSecure
result: Trojan.Malware.300983.susgen
update: 20200513
version: 1.0.0.1
detected: True check_circle

Microsoft
result: PWS:MSIL/Agentesla!MTB
update: 20200513
version: 1.1.17000.7
detected: True check_circle

Qihoo-360
result: Generic/HEUR/QVM03.0.0F46.Malware.Gen
update: 20200513
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Trojan-Spy.MSIL.Noon.gen
update: 20200513
version: 1.0
detected: True check_circle

Cybereason
result: malicious.21dd58
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Kryptik.VUD
update: 20200513
version: 21321
detected: True check_circle

TrendMicro
result: TrojanSpy.MSIL.NOON.SMA.hp
update: 20200513
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Gen:Variant.Razy.552185
update: 20200513
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 005663fe1 )
update: 20200513
version: 11.109.34083
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20200513
version: 4.3.0.0
detected: True check_circle

Avast-Mobile
update: 20200513
version: 200513-00
detected: False cancel

Malwarebytes
result: Spyware.AgentTesla
update: 20200513
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200513
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.Multi
update: 20200513
version: 14.00
detected: True check_circle

NANO-Antivirus
update: 20200513
version: 1.0.134.25112
detected: False cancel

BitDefenderTheta
result: Gen:NN.ZemsilF.34108.Gu0@aqGnIgn
update: 20200428
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Razy.552185
update: 20200513
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200513
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Packed.hc
update: 20200513
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TrojanSpy.MSIL.NOON.SMA.hp
update: 20200513
version: 10.0.0.1040
detected: True check_circle

total
72
sha256
03ffe4f20fb755df6d624c00fa8146eb3870b55fa5356d25b50ebfc197f7ade4
scan_id
03ffe4f20fb755df6d624c00fa8146eb3870b55fa5356d25b50ebfc197f7ade4-1589394799
resource
06d49c3d910b149dc1f89341b0209c7e
positives
53
scan_date
2020-05-13 18:33:19
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
10/7/2020 - 21:45:44.950Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:45:44.950Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:45:44.950Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 21:45:44.965Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:45:45.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:45:45.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:46.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:46.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:46.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:46.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:46.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:46.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:46.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:49.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:49.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:50.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:51.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:51.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:51.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:51.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:51.340Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 21:45:51.528Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.528Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 21:45:51.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:51.997Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.137Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.137Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:52.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:53.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:45:53.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:45:53.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:54.481Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:45:54.575Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:45:54.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:54.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:54.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:54.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:54.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:54.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:54.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:54.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:54.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:55.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:55.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:55.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:55.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:55.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:55.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:55.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:56.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:56.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:56.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
10/7/2020 - 21:45:56.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
10/7/2020 - 21:45:56.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 21:45:56.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 21:45:56.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 21:45:56.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 21:45:56.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:56.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:56.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:56.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:56.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:56.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:56.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:56.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:56.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:56.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:56.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:56.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:56.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:56.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:56.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:56.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:57.43Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
10/7/2020 - 21:45:57.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:57.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:57.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:57.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:57.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:58.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:58.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:58.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:58.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:58.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:58.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:58.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:59.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:59.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:59.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:45:59.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.715Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.715Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.715Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 21:45:59.715Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 21:45:59.715Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 21:45:59.715Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 21:45:59.715Open1480C:\malware.exeC:\version.DLL
10/7/2020 - 21:45:59.715Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 21:45:59.715Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 21:45:59.778Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
10/7/2020 - 21:45:59.778Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\SXS.DLL
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\SysWOW64\sxs.dll
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\SysWOW64\sxs.dll
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 21:45:59.778Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\CRYPTSP.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\RpcRtRemote.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 21:45:59.887Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 21:45:59.887Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 21:45:59.887Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 21:45:59.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:59.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.950Open1480C:\malware.exeC:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
10/7/2020 - 21:45:59.950Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
10/7/2020 - 21:45:59.950Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
10/7/2020 - 21:45:59.950Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
10/7/2020 - 21:45:59.950Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
10/7/2020 - 21:45:59.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:45:59.997Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
10/7/2020 - 21:45:59.997Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 21:45:59.997Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 21:45:59.997Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 21:45:59.997Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 21:45:59.997Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 21:45:59.997Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 21:46:25.262Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 21:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 21:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 21:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 21:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 21:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 21:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 21:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 21:46:25.356Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 21:46:25.450Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 21:46:25.450Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 21:46:25.450Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 21:46:25.450Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 21:46:25.543Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 21:46:25.543Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 21:46:25.543Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 21:46:25.543Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 21:46:25.637Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 21:46:25.637Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 21:46:25.637Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 21:46:25.637Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 21:46:25.731Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 21:46:25.731Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 21:46:25.731Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 21:46:25.731Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 21:46:25.825Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 21:46:25.825Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 21:46:25.825Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 21:46:25.825Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 21:46:25.918Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 21:46:25.918Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 21:46:25.918Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 21:46:25.918Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 21:46:26.12Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 21:46:26.106Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 21:46:26.106Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 21:46:26.106Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 21:46:26.106Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 21:46:26.247Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 21:46:26.434Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 21:46:26.434Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 21:46:26.434Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 21:46:26.528Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 21:46:26.528Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 21:46:26.528Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 21:46:26.528Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 21:46:26.622Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 21:46:26.622Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 21:46:26.622Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 21:46:26.622Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 21:46:26.715Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 21:46:26.715Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 21:46:26.715Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 21:46:26.715Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 21:46:26.856Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 21:46:26.997Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 21:46:26.997Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 21:46:26.997Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 21:46:27.137Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 21:46:27.278Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 21:46:27.278Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 21:46:27.278Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 21:46:27.372Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 21:46:27.372Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 21:46:27.372Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 21:46:27.372Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 21:46:27.465Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 21:46:27.465Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 21:46:27.465Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 21:46:27.465Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 21:46:27.559Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 21:46:27.559Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 21:46:27.559Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 21:46:27.559Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 21:46:27.653Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 21:46:27.653Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 21:46:27.653Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 21:46:27.653Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 21:46:27.747Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 21:46:27.747Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 21:46:27.747Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 21:46:27.747Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 21:46:27.840Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 21:46:27.840Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 21:46:27.840Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 21:46:27.840Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 21:46:27.934Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 21:46:27.934Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 21:46:27.934Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 21:46:27.934Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 21:46:28.28Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 21:46:28.28Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 21:46:28.28Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 21:46:28.28Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 21:46:28.122Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 21:46:28.122Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 21:46:28.122Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 21:46:28.122Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 21:46:28.215Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 21:46:28.215Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 21:46:28.215Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 21:46:28.215Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 21:46:28.309Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 21:46:28.309Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 21:46:28.309Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 21:46:28.309Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 21:46:28.403Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 21:46:28.403Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 21:46:28.403Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 21:46:28.403Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 21:46:28.684Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 21:46:28.778Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 21:46:28.778Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 21:46:28.778Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 21:46:29.59Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 21:46:29.153Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 21:46:29.153Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 21:46:29.153Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 21:46:29.434Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 21:46:29.528Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 21:46:29.528Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 21:46:29.528Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 21:46:29.622Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 21:46:29.622Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 21:46:29.622Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 21:46:29.622Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 21:46:29.715Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 21:46:29.715Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 21:46:29.715Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 21:46:29.715Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 21:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 21:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 21:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 21:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 21:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 21:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 21:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 21:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 21:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 21:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 21:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 21:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 21:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 21:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 21:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 21:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 21:46:30.184Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 21:46:30.184Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 21:46:30.184Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 21:46:30.184Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 21:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 21:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 21:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 21:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 21:46:30.372Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 21:46:30.372Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 21:46:30.372Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 21:46:30.372Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 21:46:30.465Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 21:46:30.465Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 21:46:30.465Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 21:46:30.465Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 21:46:30.559Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 21:46:30.559Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 21:46:30.559Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 21:46:30.559Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 21:46:30.653Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 21:46:30.653Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 21:46:30.653Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 21:46:30.653Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 21:46:30.747Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 21:46:30.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 21:46:30.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 21:46:30.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 21:46:30.840Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 21:46:30.840Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 21:46:30.840Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 21:46:30.840Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 21:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 21:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 21:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 21:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 21:46:31.28Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 21:46:31.28Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 21:46:31.28Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 21:46:31.28Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 21:46:31.122Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 21:46:31.122Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 21:46:31.122Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 21:46:31.122Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 21:46:31.215Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 21:46:31.215Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 21:46:31.215Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 21:46:31.215Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 21:46:31.309Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 21:46:31.309Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 21:46:31.309Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 21:46:31.309Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 21:46:31.403Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 21:46:31.403Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 21:46:31.403Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 21:46:31.403Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 21:46:31.497Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 21:46:31.497Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 21:46:31.497Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 21:46:31.497Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 21:46:31.590Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 21:46:31.590Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 21:46:31.590Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 21:46:31.590Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 21:46:31.684Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 21:46:31.684Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
10/7/2020 - 21:46:31.684Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
10/7/2020 - 21:46:31.684Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
10/7/2020 - 21:46:31.778Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
10/7/2020 - 21:46:31.778Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
10/7/2020 - 21:46:31.778Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
10/7/2020 - 21:46:31.778Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
10/7/2020 - 21:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
10/7/2020 - 21:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
10/7/2020 - 21:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
10/7/2020 - 21:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
10/7/2020 - 21:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
10/7/2020 - 21:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
10/7/2020 - 21:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
10/7/2020 - 21:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
10/7/2020 - 21:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
10/7/2020 - 21:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
10/7/2020 - 21:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
10/7/2020 - 21:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
10/7/2020 - 21:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
10/7/2020 - 21:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
10/7/2020 - 21:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
10/7/2020 - 21:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
10/7/2020 - 21:46:32.247Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
10/7/2020 - 21:46:32.247Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
10/7/2020 - 21:46:32.247Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
10/7/2020 - 21:46:32.247Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
10/7/2020 - 21:46:32.340Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
10/7/2020 - 21:46:32.340Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
10/7/2020 - 21:46:32.340Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
10/7/2020 - 21:46:32.340Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
10/7/2020 - 21:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
10/7/2020 - 21:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
10/7/2020 - 21:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
10/7/2020 - 21:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
10/7/2020 - 21:46:32.528Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
10/7/2020 - 21:46:32.528Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
10/7/2020 - 21:46:32.528Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
10/7/2020 - 21:46:32.528Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
10/7/2020 - 21:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
10/7/2020 - 21:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
10/7/2020 - 21:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
10/7/2020 - 21:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
10/7/2020 - 21:46:32.747Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
10/7/2020 - 21:46:32.747Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
10/7/2020 - 21:46:32.747Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
10/7/2020 - 21:46:32.747Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
10/7/2020 - 21:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
10/7/2020 - 21:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
10/7/2020 - 21:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
10/7/2020 - 21:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
10/7/2020 - 21:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
10/7/2020 - 21:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
10/7/2020 - 21:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
10/7/2020 - 21:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
10/7/2020 - 21:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
10/7/2020 - 21:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
10/7/2020 - 21:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
10/7/2020 - 21:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
10/7/2020 - 21:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
10/7/2020 - 21:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
10/7/2020 - 21:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
10/7/2020 - 21:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
10/7/2020 - 21:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
10/7/2020 - 21:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
10/7/2020 - 21:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
10/7/2020 - 21:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
10/7/2020 - 21:46:33.309Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
10/7/2020 - 21:46:33.309Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
10/7/2020 - 21:46:33.309Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
10/7/2020 - 21:46:33.309Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
10/7/2020 - 21:46:33.403Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
10/7/2020 - 21:46:33.403Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
10/7/2020 - 21:46:33.403Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
10/7/2020 - 21:46:33.403Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
10/7/2020 - 21:46:33.497Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
10/7/2020 - 21:46:33.497Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
10/7/2020 - 21:46:33.497Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
10/7/2020 - 21:46:33.497Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
10/7/2020 - 21:46:33.590Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
10/7/2020 - 21:46:33.590Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
10/7/2020 - 21:46:33.590Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
10/7/2020 - 21:46:33.590Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
10/7/2020 - 21:46:33.684Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
10/7/2020 - 21:46:33.684Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
10/7/2020 - 21:46:33.684Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
10/7/2020 - 21:46:33.684Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
10/7/2020 - 21:46:33.965Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
10/7/2020 - 21:46:34.106Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
10/7/2020 - 21:46:34.106Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
10/7/2020 - 21:46:34.106Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
10/7/2020 - 21:46:34.247Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
10/7/2020 - 21:46:34.247Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
10/7/2020 - 21:46:34.247Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
10/7/2020 - 21:46:34.247Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
10/7/2020 - 21:46:34.247Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
10/7/2020 - 21:46:34.247Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
10/7/2020 - 21:46:34.247Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
10/7/2020 - 21:46:34.247Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
10/7/2020 - 21:46:34.293Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
10/7/2020 - 21:46:34.481Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
10/7/2020 - 21:46:34.481Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
10/7/2020 - 21:46:34.481Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
10/7/2020 - 21:46:34.622Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
10/7/2020 - 21:46:34.809Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
10/7/2020 - 21:46:34.809Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
10/7/2020 - 21:46:34.809Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
10/7/2020 - 21:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
10/7/2020 - 21:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
10/7/2020 - 21:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
10/7/2020 - 21:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
10/7/2020 - 21:46:35.278Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
10/7/2020 - 21:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 21:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 21:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 21:46:35.793Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 21:46:36.28Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 21:46:36.309Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
10/7/2020 - 21:46:36.309Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
10/7/2020 - 21:46:36.309Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
10/7/2020 - 21:46:36.450Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
10/7/2020 - 21:46:36.684Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
10/7/2020 - 21:46:36.684Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
10/7/2020 - 21:46:36.684Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
10/7/2020 - 21:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
10/7/2020 - 21:46:37.153Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
10/7/2020 - 21:46:37.153Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
10/7/2020 - 21:46:37.153Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
10/7/2020 - 21:46:37.293Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
10/7/2020 - 21:46:37.528Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
10/7/2020 - 21:46:37.528Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
10/7/2020 - 21:46:37.528Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
10/7/2020 - 21:46:37.622Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
10/7/2020 - 21:46:37.622Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
10/7/2020 - 21:46:37.622Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
10/7/2020 - 21:46:37.622Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
10/7/2020 - 21:46:37.715Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
10/7/2020 - 21:46:37.715Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
10/7/2020 - 21:46:37.715Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
10/7/2020 - 21:46:37.715Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
10/7/2020 - 21:46:37.809Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
10/7/2020 - 21:46:37.809Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
10/7/2020 - 21:46:37.809Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
10/7/2020 - 21:46:37.809Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
10/7/2020 - 21:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
10/7/2020 - 21:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
10/7/2020 - 21:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
10/7/2020 - 21:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
10/7/2020 - 21:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
10/7/2020 - 21:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
10/7/2020 - 21:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
10/7/2020 - 21:46:37.903Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
10/7/2020 - 21:46:37.997Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
10/7/2020 - 21:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
10/7/2020 - 21:46:46.653Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
10/7/2020 - 21:46:46.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
10/7/2020 - 21:46:46.653Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
10/7/2020 - 21:46:46.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
10/7/2020 - 21:46:46.668Open1480C:\malware.exeC:\GPAPI.dll
10/7/2020 - 21:46:46.668Open1480C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
10/7/2020 - 21:46:46.668Open1480C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
10/7/2020 - 21:46:46.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\malware.config
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\pt-BR\sYixzCcCK.resources.dll
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\pt-BR\sYixzCcCK.resources\sYixzCcCK.resources.dll
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\pt-BR\sYixzCcCK.resources.exe
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\pt-BR\sYixzCcCK.resources\sYixzCcCK.resources.exe
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
10/7/2020 - 21:46:46.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
10/7/2020 - 21:46:46.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
10/7/2020 - 21:46:46.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
10/7/2020 - 21:46:46.762Unknown1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
10/7/2020 - 21:46:46.762Unknown1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\Windows\SysWOW64\qagentrt.dll
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
10/7/2020 - 21:46:46.762Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\cryptnet.dll
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_5FA8E5E800867BF860DF5E533E701BAF
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\85B3F147E3624A14E6A20DB4F6C2C5D9
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\SensApi.dll
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:46.778Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:46.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:46.903Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:46.903Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:46.903Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\pt\sYixzCcCK.resources.dll
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\pt\sYixzCcCK.resources\sYixzCcCK.resources.dll
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\pt\sYixzCcCK.resources.exe
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\pt\sYixzCcCK.resources\sYixzCcCK.resources.exe
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\REGDsYFubApEhGvbAVSNlvwkenYh.dll
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\REGDsYFubApEhGvbAVSNlvwkenYh\REGDsYFubApEhGvbAVSNlvwkenYh.dll
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\REGDsYFubApEhGvbAVSNlvwkenYh.exe
10/7/2020 - 21:46:46.903Open1480C:\malware.exeC:\REGDsYFubApEhGvbAVSNlvwkenYh\REGDsYFubApEhGvbAVSNlvwkenYh.exe
10/7/2020 - 21:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:46:46.918Open1480C:\malware.exeC:\WindowsCodecs.dll
10/7/2020 - 21:46:46.918Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 21:46:46.918Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 21:46:46.918Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 21:46:46.918Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 21:46:46.981Open1480C:\malware.exeC:\WINHTTP.dll
10/7/2020 - 21:46:46.981Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
10/7/2020 - 21:46:46.981Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
10/7/2020 - 21:46:46.981Open1480C:\malware.exeC:\webio.dll
10/7/2020 - 21:46:46.981Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
10/7/2020 - 21:46:46.981Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
10/7/2020 - 21:46:46.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:47.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:47.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.262Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:47.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:47.403Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:47.403Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 21:46:47.450Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.450Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 21:46:47.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.497Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_A8A9B9AEDF1DA1FAD1A84EEF06C9C74A
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC4FEA46495CA161D470CD085EDBAADE
10/7/2020 - 21:46:47.606Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.653Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.653Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.653Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.668Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
10/7/2020 - 21:46:47.668Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
10/7/2020 - 21:46:47.684Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.778Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.825Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.903Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.903Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.903Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.918Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
10/7/2020 - 21:46:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
10/7/2020 - 21:46:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
10/7/2020 - 21:46:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024CC197601BE0898B7B0FCC91FA15D8A69_B803E9E21B94F136B53A18C354F54024
10/7/2020 - 21:46:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
10/7/2020 - 21:46:52.793Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 21:46:52.793Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 21:46:52.793Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
10/7/2020 - 21:46:52.793Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
10/7/2020 - 21:46:52.793Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
10/7/2020 - 21:46:52.793Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 21:46:52.793Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:52.793Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 21:46:52.793Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:52.793Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:46:52.793Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:46:52.793Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
10/7/2020 - 21:46:52.856Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 21:46:52.856Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
10/7/2020 - 21:46:52.856Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
10/7/2020 - 21:46:52.856Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 21:46:52.856Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 21:46:52.856Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
10/7/2020 - 21:46:52.856Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
10/7/2020 - 21:46:52.856Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 21:46:52.856Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\l_intl.nls
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CRYPTSP.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:52.872Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:52.872Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\pubpol4.dat
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
10/7/2020 - 21:46:52.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
10/7/2020 - 21:46:52.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 21:46:52.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:52.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:52.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:52.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:52.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:46:52.950Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:52.950Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:52.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.12Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.59Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.106Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.153Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.200Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.247Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.293Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.340Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.387Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
10/7/2020 - 21:46:53.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
10/7/2020 - 21:46:53.434Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
10/7/2020 - 21:46:53.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 21:46:53.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 21:46:53.434Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 21:46:53.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\pt-br.nlp
10/7/2020 - 21:46:53.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 21:46:53.434Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:53.434Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.481Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 21:46:53.481Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:53.481Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:53.481Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:53.481Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:53.481Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:53.481Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:53.481Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:53.481Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 21:46:53.481Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.528Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 21:46:53.528Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 21:46:53.528Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
10/7/2020 - 21:46:53.528Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\bcrypt.dll
10/7/2020 - 21:46:53.528Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\bcrypt.dll
10/7/2020 - 21:46:53.528Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\bcrypt.dll
10/7/2020 - 21:46:53.575Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:46:53.622Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.668Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.715Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.809Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.856Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.903Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:53.997Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:54.43Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:54.90Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:54.137Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:54.184Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:54.231Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:46:54.278Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\dwmapi.dll
10/7/2020 - 21:46:54.278Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\dwmapi.dll
10/7/2020 - 21:46:54.278Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\dwmapi.dll
10/7/2020 - 21:46:54.325Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:46:54.372Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:46:54.418Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:46:54.465Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:46:54.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:46:54.559Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:46:54.606Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:46:54.653Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:54.653Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:54.653Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:54.653Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 21:46:54.653Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:54.653Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:54.653Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/7/2020 - 21:46:54.653 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/7/2020 - 21:46:54.653 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\version.dll
10/7/2020 - 21:46:54.653 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\version.dll
10/7/2020 - 21:46:54.653 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.653 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:46:54.700 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:46:54.747 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:46:54.793 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:46:54.840 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:46:54.887 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:46:54.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:54.981 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:55.28 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:55.75 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll | System.Windows.Forms.ni.dll
10/7/2020 - 21:46:55.122 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll | System.Windows.Forms.ni.dll
10/7/2020 - 21:46:55.168 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:46:55.215 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:55.262 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:55.309 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:55.356 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:55.403 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:55.497 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:55.543 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:55.590 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:55.778 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RpcRtRemote.dll
10/7/2020 - 21:46:55.778 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 21:46:55.778 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
10/7/2020 - 21:46:55.778 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 21:46:55.778 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.dll
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.dll
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemcomn.dll
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbemcomn.dll
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbemcomn.dll
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\Logs
10/7/2020 - 21:46:55.825 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\Logs
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll
10/7/2020 - 21:46:55.825 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll
10/7/2020 - 21:46:55.840 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wmiutils.dll
10/7/2020 - 21:46:55.840 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wmiutils.dll
10/7/2020 - 21:46:56.75 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll
10/7/2020 - 21:46:56.75 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll
10/7/2020 - 21:46:56.543 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\fastprox.dll
10/7/2020 - 21:46:56.543 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\fastprox.dll
10/7/2020 - 21:46:56.543 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\NTDSAPI.dll
10/7/2020 - 21:46:56.543 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\ntdsapi.dll
10/7/2020 - 21:46:56.543 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\ntdsapi.dll
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:56.934 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\SXS.DLL
10/7/2020 - 21:46:56.934 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\sxs.dll
10/7/2020 - 21:46:56.934 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\sxs.dll
10/7/2020 - 21:46:56.934 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.934 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:56.934 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:56.950 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.950 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 21:46:56.950 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
10/7/2020 - 21:46:57.418 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:57.418 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:57.418 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:57.418 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:57.418 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.418 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
10/7/2020 - 21:46:57.434 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:57.434 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:57.434 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:57.434 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 21:46:57.434 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.434 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.434 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | CustomMarshalers.dll
10/7/2020 - 21:46:57.434 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:57.434 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:57.434 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:57.434 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:57.434 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:57.434 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:57.434 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\oleaut32.DLL
10/7/2020 - 21:46:58.387 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:58.387 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.387 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.450 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:58.497 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.543 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.590 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:58.637 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:46:58.731 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.731 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.778 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.825 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:58.872 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:46:58.918 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 21:46:58.965 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll
10/7/2020 - 21:46:58.965 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 21:46:58.965 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll
10/7/2020 - 21:46:59.12 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll
10/7/2020 - 21:46:59.59 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll
10/7/2020 - 21:46:59.106 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll
10/7/2020 - 21:46:59.153 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 21:46:59.153 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll
10/7/2020 - 21:46:59.153 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
10/7/2020 - 21:46:59.153 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:59.153 | Unknown | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:59.153 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:46:59.153 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll | WMINet_Utils.dll
10/7/2020 - 21:46:59.153 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll | System.Management.ni.dll
10/7/2020 - 21:46:59.668 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
10/7/2020 - 21:47:3.481 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:47:3.481 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:47:3.481 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll | System.Windows.Forms.ni.dll
10/7/2020 - 21:47:3.481 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll | System.Windows.Forms.ni.dll
10/7/2020 - 21:47:3.481 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll | System.Windows.Forms.ni.dll
10/7/2020 - 21:47:3.481 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll | System.Windows.Forms.ni.dll
10/7/2020 - 21:47:3.481 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
10/7/2020 - 21:47:3.481 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:47:3.481 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:47:3.481 | Open | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\%insfolder%\%insname%
10/7/2020 - 21:47:3.575 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
10/7/2020 - 21:47:3.575 | Read | 2572 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
10/7/2020 - 21:47:3.622Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:3.622Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:3.668Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:3.715Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:3.715Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:3.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 21:47:3.809Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:3.809Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:3.856Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 21:47:3.903Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:3.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:3.997Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.43Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:4.90Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:4.137Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\shfolder.dll
10/7/2020 - 21:47:4.137Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 21:47:4.137Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 21:47:4.137Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 21:47:4.137Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 21:47:4.200Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
10/7/2020 - 21:47:4.200Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.247Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.293Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.340Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.387Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.434Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.481Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.528Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.575Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.622Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:4.668Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 21:47:4.668Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\en-us.nlp
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
10/7/2020 - 21:47:4.715Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
10/7/2020 - 21:47:4.715Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
10/7/2020 - 21:47:4.715Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 21:47:4.715Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 21:47:4.715Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 21:47:4.715Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 21:47:4.715Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 21:47:4.715Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 21:47:4.715Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 21:47:4.715Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 21:47:4.715Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 21:47:4.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 21:47:4.809Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:4.856Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:4.903Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 21:47:4.903Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:4.903Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 21:47:4.903Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 21:47:4.903Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 21:47:4.903Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 21:47:4.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:4.997Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:5.43Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:5.90Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:5.137Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:5.184Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:5.231Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:5.278Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:5.325Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:5.372Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
10/7/2020 - 21:47:5.372Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:5.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
10/7/2020 - 21:47:5.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
10/7/2020 - 21:47:5.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\vaultcli.dll
10/7/2020 - 21:47:5.434Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\vaultcli.dll
10/7/2020 - 21:47:6.215Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:6.215Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:6.215Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)
10/7/2020 - 21:47:6.215Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)
10/7/2020 - 21:47:6.231Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:6.231Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
10/7/2020 - 21:47:6.231Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Iridium\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Chromium\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Torch\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Chedot\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CocCoc\Browser\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Epic Privacy Browser\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Kometa\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\liebao\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\QIP Surf\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 21:47:6.231Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
10/7/2020 - 21:47:6.247Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 21:47:6.247Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 21:47:6.247Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 21:47:6.247Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 21:47:6.247Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 21:47:6.247Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 21:47:6.247Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\UCBrowser
10/7/2020 - 21:47:6.247Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 21:47:6.309Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
10/7/2020 - 21:47:6.309Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:6.356Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 21:47:6.356Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 21:47:6.356Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Storage
10/7/2020 - 21:47:6.356Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\mail
10/7/2020 - 21:47:6.356Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
10/7/2020 - 21:47:6.356Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
10/7/2020 - 21:47:6.372Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
10/7/2020 - 21:47:6.372Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:6.418Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:6.465Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
10/7/2020 - 21:47:6.700Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:47:6.747Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:47:6.747Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\The Bat!
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
10/7/2020 - 21:47:6.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor\Folder.lst
10/7/2020 - 21:47:6.762Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
10/7/2020 - 21:47:6.762Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/7/2020 - 21:47:6.762Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.762Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.809Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:47:6.856Unknown2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 21:47:6.856Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.903Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.950Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:6.997Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.43Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.90Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.137Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.184Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.231Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.278Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.325Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.372Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.418Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.465Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.559Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.606Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.653Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.700Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 21:47:7.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
10/7/2020 - 21:47:7.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
10/7/2020 - 21:47:7.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
10/7/2020 - 21:47:7.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
10/7/2020 - 21:47:7.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
10/7/2020 - 21:47:7.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:7.809Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.90Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 21:47:8.90Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 21:47:8.90Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\scrrun.dll
10/7/2020 - 21:47:8.137Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\scrrun.dll
10/7/2020 - 21:47:8.512Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 21:47:8.512Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:8.559Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 21:47:8.700Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\FTP Navigator\Ftplist.txt
10/7/2020 - 21:47:8.700Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
10/7/2020 - 21:47:8.700Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
10/7/2020 - 21:47:8.700Read2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 21:47:8.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 21:47:8.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 21:47:8.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\cftp\Ftplist.txt
10/7/2020 - 21:47:8.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
10/7/2020 - 21:47:8.747Open2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)\jDownloader\config\database.script

Process
Trace
10/7/2020 - 21:46:52.700Create1480C:\malware.exe2572C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
10/7/2020 - 21:46:0.12Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath
10/7/2020 - 21:46:45.762Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
10/7/2020 - 21:46:45.762Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
10/7/2020 - 21:46:45.762Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
10/7/2020 - 21:46:45.762Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
10/7/2020 - 21:46:45.762Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
10/7/2020 - 21:46:45.762Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
10/7/2020 - 21:46:45.762Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
10/7/2020 - 21:46:45.762Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
10/7/2020 - 21:46:45.778Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnable
10/7/2020 - 21:46:45.778Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyServer
10/7/2020 - 21:46:45.778Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyOverride
10/7/2020 - 21:46:45.778Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoConfigURL
10/7/2020 - 21:46:45.778Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoDetect
10/7/2020 - 21:46:45.778Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectionsSavedLegacySettings
10/7/2020 - 21:46:45.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ContentCachePrefix
10/7/2020 - 21:46:45.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\CookiesCachePrefix
10/7/2020 - 21:46:45.887Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\HistoryCachePrefix
10/7/2020 - 21:46:46.122Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
10/7/2020 - 21:46:46.122Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
10/7/2020 - 21:46:46.122Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
10/7/2020 - 21:46:46.122Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
10/7/2020 - 21:46:46.762Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 21:46:46.762Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 21:46:46.762Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 21:46:46.762Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 21:46:46.762Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 21:46:46.778Delete1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates75E0ABB6138512271C04F85FDDDE38E4B7242EFE
10/7/2020 - 21:46:46.778Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFEBlob
10/7/2020 - 21:46:46.778Delete1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates75E0ABB6138512271C04F85FDDDE38E4B7242EFE
10/7/2020 - 21:46:46.778Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFEBlob
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionReason
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionTime
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecision
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadNetworkName
10/7/2020 - 21:46:47.903Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDetectedUrl
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
10/7/2020 - 21:46:47.903Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
10/7/2020 - 21:46:47.903Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
10/7/2020 - 21:46:47.903Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True

DNS
Query
localhost -> gateway:DNS | ocsp.pki.goog.
localhost -> gateway:DNS | www.google.com.br.
localhost -> gateway:50273 | www.google.com.br.

Response
gateway:DNS -> localhost | www.google.com.br. | 172.217.29.3
gateway:DNS -> localhost | ocsp.pki.goog. | 216.58.202.195

TCP
Info
216.58.202.195:80 -> localhost:65192
172.217.29.3:443 -> localhost:65191
localhost:65191 -> 172.217.29.3:443
localhost:65192 -> 216.58.202.195:80

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67

HTTP
Info
localhost | GET | ocsp.pki.goog | /gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEC%2FWgOrEejwdCAAAAABH8Hs%3D
localhost | GET | ocsp.pki.goog | /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 43.25%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 52.60%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 62.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 67.76%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True
