Report #11332 check_circle

Binary
DLL
False cancel
Size
561.50KB
trid
62.0% Generic CIL Executable
23.4% Win64 Executable
5.5% Win32 Dynamic Link Library
3.8% Win32 Executable
1.7% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
cf4b8b485099dd71f8654c2d160eef1f
sha1
b336591778c4501c336707cd89cabd2dcc2dbb81
crc32
0x324df055
sha224
4f7f38070f281979673059fe1331ad2c382b39ea8954c17451f4e4e5
sha256
1853cf44ad25798a8430a18a2eb3cae08970474f1deff0dae52e2b5ccc1851b2
sha384
34243515df412cfbed4562bddf17cc8bdaca18d6ef0d2c9f47dc9e1e2f60a49d76fcba80c3a5422016a3a153ad6dbd88
sha512
b788e1d118239eac4d502a34f76218a74d2541568a8a8e99bf33c5ee4bef21f7bb089f3a032c3bb6d499b5c7e268ed27f41680af738b31b7cfadd3063a0a57ab
ssdeep
12288:/bGC8ialLx8sPELMyyVkgH50eaBpQp1yUvglU:Dl8ia/8sP8okg6BpSyUQ
Community
Google
False cancel
HashLib
False cancel
YARA
Matches


Suspicious
False cancel

Strings
List


Foremost
Matches
0.exe, 561 KB, 376.png, 333 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed
hasFiles: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2560
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 48.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 579950
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed
hasLibs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: False cancel
Value: 0
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 198

pushpopmath
.text: 484

ss register
.text: 4

garbagebytes
.text: 72

hookdetection
.text: 3

software breakpoint
.text: 4

fakeconditionaljumps
.text: 7

programcontrolflowchange
.text: 65

cpuinstructionsresultscomparison
.text: 38

AVclass
masslogger
1
VirusTotal
md5
cf4b8b485099dd71f8654c2d160eef1f
sha1
b336591778c4501c336707cd89cabd2dcc2dbb81
SCANS (DETECTION RATE = 75.71%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200817
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200816
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=84)
update: 20200817
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200816
version: 6.60
detected: True check_circle

Bkav
update: 20200815
version: 1.3.0.9899
detected: False cancel

K7GW
result: Trojan ( 0056c20e1 )
update: 20200817
version: 11.130.35006
detected: True check_circle

ALYac
result: Gen:Variant.MSILPerseus.227705
update: 20200817
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:PWSX-gen [Trj]
update: 20200817
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/Dropper.MSIL.tmjej
update: 20200817
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
result: Malicious (score: 85)
update: 20200815
version: 4.0.0.24
detected: True check_circle

Cyren
result: W32/MSIL_Kryptik.BIL.gen!Eldorado
update: 20200817
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.PWS.Siggen2.53250
update: 20200817
version: 7.0.46.3050
detected: True check_circle

GData
result: Gen:Variant.MSILPerseus.227705
update: 20200817
version: A:25.26630B:27.19833
detected: True check_circle

Panda
result: Trj/CI.A
update: 20200816
version: 4.6.4.2
detected: True check_circle

VBA32
result: CIL.HeapOverride.Heur
update: 20200814
version: 4.4.1
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200817
version: 85996
detected: True check_circle

Zoner
update: 20200817
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200816
version: 0.102.4.0
detected: False cancel

Comodo
result: .UnclassifiedMalware@0
update: 20200728
version: 32668
detected: True check_circle

F-Prot
result: W32/MSIL_Kryptik.BIL.gen!Eldorado
update: 20200817
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan-Spy.MassLogger
update: 20200816
version: 0.1.5.2
detected: True check_circle

McAfee
result: Fareit-FXH!CF4B8B485099
update: 20200817
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Crypt!8.2E3 (CLOUD)
update: 20200817
version: 25.0.0.26
detected: True check_circle

Sophos
result: Mal/Generic-S
update: 20200817
version: 4.98.0
detected: True check_circle

Yandex
update: 20200707
version: 5.5.2.24
detected: False cancel

Zillya
result: Trojan.Crypt.Win32.64901
update: 20200814
version: 2.0.0.4155
detected: True check_circle

Acronis
update: 20200806
version: 1.1.1.77
detected: False cancel

Alibaba
result: Trojan:Win32/Kryptik.862cea41
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
update: 20200817
version: 1.0.0.877
detected: False cancel

Cylance
result: Unsafe
update: 20200817
version: 2.3.1.101
detected: True check_circle

Elastic
result: malicious (high confidence)
update: 20200727
version: 4.0.6
detected: True check_circle

FireEye
result: Generic.mg.cf4b8b485099dd71
update: 20200817
version: 32.36.1.0
detected: True check_circle

Sangfor
result: Malware
update: 20200814
version: 1.0
detected: True check_circle

TACHYON
update: 20200817
version: 2020-08-17.01
detected: False cancel

Tencent
result: Msil.Trojan.Crypt.Taox
update: 20200817
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Trojan.Win32.Z.Masslogger.574976
update: 20200816
version: 2014.3.20.0
detected: True check_circle

Webroot
result: W32.Adware.Gen
update: 20200817
version: 1.0.0.403
detected: True check_circle

eGambit
result: Unsafe.AI_Score_96%
update: 20200817
detected: True check_circle

Ad-Aware
result: Gen:Variant.MSILPerseus.227705
update: 20200817
version: 3.0.16.117
detected: True check_circle

AegisLab
update: 20200817
version: 4.2
detected: False cancel

F-Secure
result: Trojan.TR/Dropper.MSIL.tmjej
update: 20200817
version: 12.0.86.52
detected: True check_circle

Fortinet
result: MSIL/Kryptik.XFP!tr
update: 20200817
version: 6.2.142.0
detected: True check_circle

Invincea
result: heuristic
update: 20200502
version: 6.3.6.26157
detected: True check_circle

Jiangmin
update: 20200816
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200817
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200817
version: 1.0
detected: True check_circle

Symantec
result: ML.Attribute.HighConfidence
update: 20200816
version: 1.11.0.0
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.MSIL.R347092
update: 20200816
version: 3.18.1.10026
detected: True check_circle

Antiy-AVL
update: 20200817
version: 3.0.0.1
detected: False cancel

Kaspersky
result: HEUR:Trojan.MSIL.Crypt.gen
update: 20200817
version: 15.0.1.13
detected: True check_circle

MaxSecure
result: Trojan.Malware.300983.susgen
update: 20200814
version: 1.0.0.1
detected: True check_circle

Microsoft
result: Trojan:Win32/Skeeyah.A!rfn
update: 20200817
version: 1.1.17300.4
detected: True check_circle

Qihoo-360
result: Generic/HEUR/QVM03.0.1082.Malware.Gen
update: 20200817
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Trojan.MSIL.Crypt.gen
update: 20200817
version: 1.0
detected: True check_circle

Cybereason
result: malicious.778c45
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Kryptik.XGH
update: 20200817
version: 21834
detected: True check_circle

TrendMicro
result: TROJ_GEN.R057C0PH820
update: 20200817
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Gen:Variant.MSILPerseus.227705
update: 20200817
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_90% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
update: 20200817
version: 11.130.35006
detected: False cancel

SentinelOne
result: DFI - Malicious PE
update: 20200724
version: 4.4.0.0
detected: True check_circle

Malwarebytes
result: Trojan.MalPack
update: 20200817
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200817
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.MSIL
update: 20200816
version: 14.00
detected: True check_circle

NANO-Antivirus
update: 20200817
version: 1.0.134.25119
detected: False cancel

BitDefenderTheta
result: Gen:NN.ZemsilF.34152.Jm0@aWva!n
update: 20200805
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.MSILPerseus.227705
update: 20200817
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200814
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
result: TROJ_GEN.R057C0PH820
update: 20200817
version: 10.0.0.1040
detected: True check_circle

total
70
sha256
1853cf44ad25798a8430a18a2eb3cae08970474f1deff0dae52e2b5ccc1851b2
scan_id
1853cf44ad25798a8430a18a2eb3cae08970474f1deff0dae52e2b5ccc1851b2-1597644809
resource
cf4b8b485099dd71f8654c2d160eef1f
positives
53
scan_date
2020-08-17 06:13:29
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
11/9/2020 - 2:45:44.622Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:45:44.637Open1480C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:45:44.637Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:44.637Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:44.637Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:44.637Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:45:44.637Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:45:44.637Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:45:44.637Open1480C:\malware.exeC:\
11/9/2020 - 2:45:44.637Unknown1480C:\malware.exeC:\
11/9/2020 - 2:45:44.637Open1480C:\malware.exeC:\Windows
11/9/2020 - 2:45:44.637Unknown1480C:\malware.exeC:\Windows
11/9/2020 - 2:45:44.637Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:44.637Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:46.325Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:45:46.372Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:46.372Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:46.372Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:46.372Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:46.372Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:46.372Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:46.372Open1480C:\malware.exeC:\malware.exe.config
11/9/2020 - 2:45:46.372Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/9/2020 - 2:45:46.387Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:46.387Unknown1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:45:46.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
11/9/2020 - 2:45:46.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
11/9/2020 - 2:45:46.450Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
11/9/2020 - 2:45:46.684Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:45:46.840Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:46.840Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:46.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:46.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:47.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.668Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:48.715Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:48.762Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:48.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:48.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.481Open1480C:\malware.exeC:\malware.exe
11/9/2020 - 2:45:49.481Unknown1480C:\malware.exeC:\malware.exe
11/9/2020 - 2:45:49.481Open1480C:\malware.exeC:\
11/9/2020 - 2:45:49.481Unknown1480C:\malware.exeC:\
11/9/2020 - 2:45:49.481Open1480C:\malware.exeC:\Monitor
11/9/2020 - 2:45:49.481Unknown1480C:\malware.exeC:\Monitor
11/9/2020 - 2:45:49.481Open1480C:\malware.exeC:\Monitor\Malware
11/9/2020 - 2:45:49.481Unknown1480C:\malware.exeC:\Monitor\Malware
11/9/2020 - 2:45:49.481Open1480C:\malware.exeC:\malware.exe
11/9/2020 - 2:45:49.481Unknown1480C:\malware.exeC:\malware.exe
11/9/2020 - 2:45:49.762Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
11/9/2020 - 2:45:49.762Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:45:49.762Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:45:49.762Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:45:49.762Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:45:49.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:45:49.809Open1480C:\malware.exeC:\malware.config
11/9/2020 - 2:45:49.809Open1480C:\malware.exeC:\malware.exe
11/9/2020 - 2:45:49.809Unknown1480C:\malware.exeC:\malware.exe
11/9/2020 - 2:45:49.809Open1480C:\malware.exeC:\Monitor\Malware
11/9/2020 - 2:45:49.809Unknown1480C:\malware.exeC:\Monitor\Malware
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:49.809Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
11/9/2020 - 2:45:49.809Open1480C:\malware.exeC:\malware.exe
11/9/2020 - 2:45:49.809Unknown1480C:\malware.exeC:\malware.exe
11/9/2020 - 2:45:49.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:45:49.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:45:49.825Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:45:49.825Open1480C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:45:49.825Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:49.825Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:49.825Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:49.825Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
11/9/2020 - 2:45:49.825Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
11/9/2020 - 2:45:49.840Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:45:49.840Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:49.840Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:45:49.840Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:45:49.840Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.840Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:45:49.840Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.840Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.903Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.43Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.43Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.637Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:51.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:51.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:52.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:52.528Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:52.622Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:52.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:52.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:52.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:52.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:52.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:52.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:52.903Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:45:52.997Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:45:52.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:53.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:53.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:53.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:53.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:53.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:53.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:53.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:53.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:53.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:54.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:54.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:54.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:54.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:54.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:55.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:55.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:55.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:55.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:55.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:55.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:55.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:55.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:55.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.950Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
11/9/2020 - 2:45:55.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:55.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:56.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:56.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:56.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:56.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:57.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:57.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:58.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:58.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:58.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:58.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:58.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:58.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:58.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:58.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:58.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:58.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:58.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:58.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:58.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:58.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:58.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:58.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:58.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:58.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:58.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:59.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:59.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:59.137Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
11/9/2020 - 2:45:59.137Open1480C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:45:59.137Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:45:59.137Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:45:59.137Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:45:59.137Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\ShFolder.DLL
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:59.184Unknown1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:59.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:59.184Unknown1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:59.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:59.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:59.184Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/9/2020 - 2:45:59.184Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/9/2020 - 2:45:59.200Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/9/2020 - 2:45:59.200Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/9/2020 - 2:45:59.200Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/9/2020 - 2:45:59.200Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/9/2020 - 2:45:59.200Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:59.200Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:59.200Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:59.200Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:59.200Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:59.215Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:59.262Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:59.262Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/9/2020 - 2:45:59.262Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/9/2020 - 2:45:59.262Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/9/2020 - 2:45:59.403Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/9/2020 - 2:45:59.450Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/9/2020 - 2:45:59.450Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/9/2020 - 2:45:59.450Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/9/2020 - 2:45:59.543Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/9/2020 - 2:45:59.590Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/9/2020 - 2:45:59.590Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/9/2020 - 2:45:59.590Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/9/2020 - 2:45:59.731Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/9/2020 - 2:45:59.778Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/9/2020 - 2:45:59.778Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/9/2020 - 2:45:59.778Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/9/2020 - 2:45:59.918Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/9/2020 - 2:45:59.965Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/9/2020 - 2:45:59.965Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/9/2020 - 2:45:59.965Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/9/2020 - 2:46:0.59Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/9/2020 - 2:46:0.59Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/9/2020 - 2:46:0.59Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/9/2020 - 2:46:0.59Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/9/2020 - 2:46:0.153Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/9/2020 - 2:46:0.153Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/9/2020 - 2:46:0.153Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/9/2020 - 2:46:0.153Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/9/2020 - 2:46:0.247Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/9/2020 - 2:46:0.247Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/9/2020 - 2:46:0.247Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/9/2020 - 2:46:0.247Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/9/2020 - 2:46:0.387Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/9/2020 - 2:46:0.387Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/9/2020 - 2:46:0.387Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/9/2020 - 2:46:0.387Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/9/2020 - 2:46:0.528Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/9/2020 - 2:46:0.575Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/9/2020 - 2:46:0.575Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/9/2020 - 2:46:0.575Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/9/2020 - 2:46:0.668Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/9/2020 - 2:46:0.715Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/9/2020 - 2:46:0.715Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/9/2020 - 2:46:0.715Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/9/2020 - 2:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/9/2020 - 2:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/9/2020 - 2:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/9/2020 - 2:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/9/2020 - 2:46:0.903Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/9/2020 - 2:46:0.903Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:46:0.903Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:46:0.903Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:46:1.465Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:46:1.887Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:46:1.934Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:46:1.981Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:46:1.981Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/9/2020 - 2:46:1.981Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/9/2020 - 2:46:1.981Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/9/2020 - 2:46:2.75Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/9/2020 - 2:46:2.75Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/9/2020 - 2:46:2.75Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/9/2020 - 2:46:2.75Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/9/2020 - 2:46:2.215Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/9/2020 - 2:46:2.215Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/9/2020 - 2:46:2.215Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/9/2020 - 2:46:2.215Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/9/2020 - 2:46:2.309Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/9/2020 - 2:46:2.309Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/9/2020 - 2:46:2.309Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/9/2020 - 2:46:2.309Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/9/2020 - 2:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/9/2020 - 2:46:2.450Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/9/2020 - 2:46:2.450Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/9/2020 - 2:46:2.450Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/9/2020 - 2:46:2.543Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/9/2020 - 2:46:2.590Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/9/2020 - 2:46:2.590Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/9/2020 - 2:46:2.590Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/9/2020 - 2:46:2.684Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/9/2020 - 2:46:2.684Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/9/2020 - 2:46:2.684Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/9/2020 - 2:46:2.684Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/9/2020 - 2:46:2.778Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/9/2020 - 2:46:2.778Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/9/2020 - 2:46:2.778Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/9/2020 - 2:46:2.778Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/9/2020 - 2:46:2.872Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/9/2020 - 2:46:2.918Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/9/2020 - 2:46:2.918Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/9/2020 - 2:46:2.918Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/9/2020 - 2:46:3.12Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/9/2020 - 2:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/9/2020 - 2:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/9/2020 - 2:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/9/2020 - 2:46:3.153Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/9/2020 - 2:46:3.153Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/9/2020 - 2:46:3.153Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/9/2020 - 2:46:3.153Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/9/2020 - 2:46:3.247Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/9/2020 - 2:46:3.247Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/9/2020 - 2:46:3.247Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/9/2020 - 2:46:3.247Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/9/2020 - 2:46:3.340Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/9/2020 - 2:46:3.340Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/9/2020 - 2:46:3.340Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/9/2020 - 2:46:3.340Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/9/2020 - 2:46:3.434Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/9/2020 - 2:46:3.434Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/9/2020 - 2:46:3.434Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/9/2020 - 2:46:3.434Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/9/2020 - 2:46:3.528Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/9/2020 - 2:46:3.575Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:3.575Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:3.575Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:3.856Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/9/2020 - 2:46:4.278Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/9/2020 - 2:46:4.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/9/2020 - 2:46:4.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/9/2020 - 2:46:4.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/9/2020 - 2:46:4.559Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/9/2020 - 2:46:4.606Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/9/2020 - 2:46:4.606Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/9/2020 - 2:46:4.606Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/9/2020 - 2:46:4.700Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/9/2020 - 2:46:4.747Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:4.747Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:4.747Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:5.403Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:6.106Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:6.481Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:6.903Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:7.278Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:7.278Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:7.278Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:8.637Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:9.12Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:9.434Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:9.809Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/9/2020 - 2:46:9.809Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/9/2020 - 2:46:9.809Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/9/2020 - 2:46:9.950Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/9/2020 - 2:46:9.997Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:9.997Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:9.997Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:10.325Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:10.653Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/9/2020 - 2:46:10.653Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/9/2020 - 2:46:10.653Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/9/2020 - 2:46:11.28Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/9/2020 - 2:46:11.309Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:11.309Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:11.309Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:11.684Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:12.59Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/9/2020 - 2:46:12.59Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/9/2020 - 2:46:12.59Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/9/2020 - 2:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/9/2020 - 2:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:12.809Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:13.325Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:13.700Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:13.700Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:13.700Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:13.700Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:13.700Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:14.215Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:14.637Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:14.684Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:14.684Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/9/2020 - 2:46:14.684Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/9/2020 - 2:46:14.684Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/9/2020 - 2:46:14.825Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/9/2020 - 2:46:14.918Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:14.918Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:14.918Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:15.340Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:15.668Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:16.653Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:16.747Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/9/2020 - 2:46:16.747Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/9/2020 - 2:46:16.747Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/9/2020 - 2:46:16.840Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/9/2020 - 2:46:16.840Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/9/2020 - 2:46:16.840Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/9/2020 - 2:46:16.840Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/9/2020 - 2:46:16.934Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/9/2020 - 2:46:16.934Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/9/2020 - 2:46:16.934Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/9/2020 - 2:46:16.934Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/9/2020 - 2:46:17.28Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/9/2020 - 2:46:17.28Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/9/2020 - 2:46:17.28Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/9/2020 - 2:46:17.28Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/9/2020 - 2:46:17.168Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/9/2020 - 2:46:17.262Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/9/2020 - 2:46:17.262Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/9/2020 - 2:46:17.262Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/9/2020 - 2:46:17.403Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/9/2020 - 2:46:17.450Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/9/2020 - 2:46:17.450Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/9/2020 - 2:46:17.450Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/9/2020 - 2:46:17.590Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/9/2020 - 2:46:17.590Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/9/2020 - 2:46:17.590Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/9/2020 - 2:46:17.590Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/9/2020 - 2:46:17.684Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/9/2020 - 2:46:17.684Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/9/2020 - 2:46:17.684Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/9/2020 - 2:46:17.684Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/9/2020 - 2:46:17.778Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/9/2020 - 2:46:17.778Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/9/2020 - 2:46:17.778Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/9/2020 - 2:46:17.825Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/9/2020 - 2:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/9/2020 - 2:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/9/2020 - 2:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/9/2020 - 2:46:17.918Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/9/2020 - 2:46:18.59Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/9/2020 - 2:46:18.200Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/9/2020 - 2:46:18.200Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/9/2020 - 2:46:18.200Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/9/2020 - 2:46:18.340Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/9/2020 - 2:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/9/2020 - 2:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/9/2020 - 2:46:18.481Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/9/2020 - 2:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/9/2020 - 2:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/9/2020 - 2:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/9/2020 - 2:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/9/2020 - 2:46:18.575Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/9/2020 - 2:46:18.575Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/9/2020 - 2:46:18.575Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/9/2020 - 2:46:18.575Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/9/2020 - 2:46:18.715Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/9/2020 - 2:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/9/2020 - 2:46:18.950Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/9/2020 - 2:46:18.997Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/9/2020 - 2:46:18.997Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/9/2020 - 2:46:18.997Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/9/2020 - 2:46:19.137Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/9/2020 - 2:46:19.231Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:19.231Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:19.231Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:19.325Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:19.418Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:19.418Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/9/2020 - 2:46:19.418Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/9/2020 - 2:46:19.418Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/9/2020 - 2:46:19.747Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/9/2020 - 2:46:19.934Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/9/2020 - 2:46:19.934Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/9/2020 - 2:46:19.934Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/9/2020 - 2:46:20.28Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/9/2020 - 2:46:20.28Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/9/2020 - 2:46:20.28Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/9/2020 - 2:46:20.28Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/9/2020 - 2:46:20.122Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/9/2020 - 2:46:20.122Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/9/2020 - 2:46:20.122Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/9/2020 - 2:46:20.122Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/9/2020 - 2:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/9/2020 - 2:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/9/2020 - 2:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/9/2020 - 2:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/9/2020 - 2:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/9/2020 - 2:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/9/2020 - 2:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/9/2020 - 2:46:20.215Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/9/2020 - 2:46:20.356Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/9/2020 - 2:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/9/2020 - 2:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/9/2020 - 2:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/9/2020 - 2:46:20.497Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/9/2020 - 2:46:20.497Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/9/2020 - 2:46:20.497Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/9/2020 - 2:46:20.497Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/9/2020 - 2:46:20.637Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/9/2020 - 2:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/9/2020 - 2:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/9/2020 - 2:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/9/2020 - 2:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/9/2020 - 2:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/9/2020 - 2:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/9/2020 - 2:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/9/2020 - 2:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/9/2020 - 2:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/9/2020 - 2:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/9/2020 - 2:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/9/2020 - 2:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/9/2020 - 2:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/9/2020 - 2:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/9/2020 - 2:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/9/2020 - 2:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/9/2020 - 2:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/9/2020 - 2:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/9/2020 - 2:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/9/2020 - 2:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/9/2020 - 2:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/9/2020 - 2:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/9/2020 - 2:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/9/2020 - 2:46:21.340Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/9/2020 - 2:46:21.340Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/9/2020 - 2:46:21.340Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/9/2020 - 2:46:21.340Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/9/2020 - 2:46:21.481Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/9/2020 - 2:46:21.481Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:21.481Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:21.481Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:21.528Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:21.528Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/9/2020 - 2:46:21.528Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/9/2020 - 2:46:21.528Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/9/2020 - 2:46:21.575Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/9/2020 - 2:46:21.668Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:21.668Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:21.668Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:21.668Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:21.668Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/9/2020 - 2:46:21.668Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/9/2020 - 2:46:21.668Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/9/2020 - 2:46:21.762Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/9/2020 - 2:46:21.762Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/9/2020 - 2:46:21.762Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/9/2020 - 2:46:21.762Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/9/2020 - 2:46:21.856Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/9/2020 - 2:46:21.856Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/9/2020 - 2:46:21.856Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/9/2020 - 2:46:21.856Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/9/2020 - 2:46:21.950Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/9/2020 - 2:46:21.950Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/9/2020 - 2:46:21.950Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/9/2020 - 2:46:21.950Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/9/2020 - 2:46:22.43Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/9/2020 - 2:46:22.43Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/9/2020 - 2:46:22.43Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/9/2020 - 2:46:22.43Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/9/2020 - 2:46:22.137Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/9/2020 - 2:46:22.137Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
11/9/2020 - 2:46:22.137Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
11/9/2020 - 2:46:22.137Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
11/9/2020 - 2:46:22.231Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
11/9/2020 - 2:46:22.231Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
11/9/2020 - 2:46:22.231Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
11/9/2020 - 2:46:22.231Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
11/9/2020 - 2:46:22.325Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
11/9/2020 - 2:46:22.325Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
11/9/2020 - 2:46:22.325Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
11/9/2020 - 2:46:22.325Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
11/9/2020 - 2:46:22.418Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
11/9/2020 - 2:46:22.418Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
11/9/2020 - 2:46:22.418Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
11/9/2020 - 2:46:22.418Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
11/9/2020 - 2:46:22.512Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
11/9/2020 - 2:46:22.512Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
11/9/2020 - 2:46:22.512Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
11/9/2020 - 2:46:22.512Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
11/9/2020 - 2:46:22.606Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
11/9/2020 - 2:46:22.606Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
11/9/2020 - 2:46:22.606Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
11/9/2020 - 2:46:22.606Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
11/9/2020 - 2:46:22.700Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
11/9/2020 - 2:46:22.700Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
11/9/2020 - 2:46:22.700Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
11/9/2020 - 2:46:22.700Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
11/9/2020 - 2:46:22.793Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
11/9/2020 - 2:46:22.793Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
11/9/2020 - 2:46:22.793Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
11/9/2020 - 2:46:22.793Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
11/9/2020 - 2:46:22.934Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
11/9/2020 - 2:46:22.981Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
11/9/2020 - 2:46:22.981Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
11/9/2020 - 2:46:22.981Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
11/9/2020 - 2:46:23.122Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
11/9/2020 - 2:46:23.168Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
11/9/2020 - 2:46:23.168Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
11/9/2020 - 2:46:23.168Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
11/9/2020 - 2:46:23.262Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
11/9/2020 - 2:46:23.262Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
11/9/2020 - 2:46:23.262Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
11/9/2020 - 2:46:23.262Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
11/9/2020 - 2:46:23.356Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
11/9/2020 - 2:46:23.356Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
11/9/2020 - 2:46:23.356Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
11/9/2020 - 2:46:23.356Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
11/9/2020 - 2:46:23.450Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
11/9/2020 - 2:46:23.450Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
11/9/2020 - 2:46:23.450Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
11/9/2020 - 2:46:23.450Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
11/9/2020 - 2:46:23.543Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
11/9/2020 - 2:46:23.543Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
11/9/2020 - 2:46:23.543Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
11/9/2020 - 2:46:23.543Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
11/9/2020 - 2:46:23.637Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
11/9/2020 - 2:46:23.637Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
11/9/2020 - 2:46:23.637Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
11/9/2020 - 2:46:23.637Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
11/9/2020 - 2:46:23.731Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
11/9/2020 - 2:46:23.731Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
11/9/2020 - 2:46:23.731Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
11/9/2020 - 2:46:23.731Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
11/9/2020 - 2:46:23.825Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
11/9/2020 - 2:46:23.825Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
11/9/2020 - 2:46:23.825Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
11/9/2020 - 2:46:23.825Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
11/9/2020 - 2:46:23.918Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
11/9/2020 - 2:46:23.918Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
11/9/2020 - 2:46:23.918Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
11/9/2020 - 2:46:23.918Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
11/9/2020 - 2:46:24.59Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
11/9/2020 - 2:46:24.106Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
11/9/2020 - 2:46:24.106Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
11/9/2020 - 2:46:24.106Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
11/9/2020 - 2:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
11/9/2020 - 2:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
11/9/2020 - 2:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
11/9/2020 - 2:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
11/9/2020 - 2:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
11/9/2020 - 2:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
11/9/2020 - 2:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
11/9/2020 - 2:46:24.200Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
11/9/2020 - 2:46:24.293Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
11/9/2020 - 2:46:24.293Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
11/9/2020 - 2:46:24.293Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
11/9/2020 - 2:46:24.293Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
11/9/2020 - 2:46:24.387Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
11/9/2020 - 2:46:24.387Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
11/9/2020 - 2:46:24.387Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
11/9/2020 - 2:46:24.387Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
11/9/2020 - 2:46:24.481Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
11/9/2020 - 2:46:24.481Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
11/9/2020 - 2:46:24.481Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
11/9/2020 - 2:46:24.481Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
11/9/2020 - 2:46:24.575Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
11/9/2020 - 2:46:24.575Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
11/9/2020 - 2:46:24.575Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
11/9/2020 - 2:46:24.575Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
11/9/2020 - 2:46:24.668Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
11/9/2020 - 2:46:24.668Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
11/9/2020 - 2:46:24.668Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
11/9/2020 - 2:46:24.668Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
11/9/2020 - 2:46:24.762Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
11/9/2020 - 2:46:24.762Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
11/9/2020 - 2:46:24.762Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
11/9/2020 - 2:46:24.762Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\script.fon
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\script.fon
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\script.fon
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
11/9/2020 - 2:46:24.856Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
11/9/2020 - 2:46:24.950Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
11/9/2020 - 2:46:24.950Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
11/9/2020 - 2:46:24.950Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
11/9/2020 - 2:46:24.950Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
11/9/2020 - 2:46:25.90Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
11/9/2020 - 2:46:25.278Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
11/9/2020 - 2:46:25.278Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
11/9/2020 - 2:46:25.278Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
11/9/2020 - 2:46:25.372Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
11/9/2020 - 2:46:25.372Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
11/9/2020 - 2:46:25.372Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
11/9/2020 - 2:46:25.372Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
11/9/2020 - 2:46:25.465Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
11/9/2020 - 2:46:25.465Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
11/9/2020 - 2:46:25.465Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
11/9/2020 - 2:46:25.465Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
11/9/2020 - 2:46:25.559Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
11/9/2020 - 2:46:25.559Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
11/9/2020 - 2:46:25.559Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
11/9/2020 - 2:46:25.559Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
11/9/2020 - 2:46:25.700Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
11/9/2020 - 2:46:25.840Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
11/9/2020 - 2:46:25.840Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
11/9/2020 - 2:46:25.840Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
11/9/2020 - 2:46:25.981Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
11/9/2020 - 2:46:26.122Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
11/9/2020 - 2:46:26.122Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
11/9/2020 - 2:46:26.122Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
11/9/2020 - 2:46:26.215Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
11/9/2020 - 2:46:26.215Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
11/9/2020 - 2:46:26.215Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
11/9/2020 - 2:46:26.215Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
11/9/2020 - 2:46:26.309Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
11/9/2020 - 2:46:26.309Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
11/9/2020 - 2:46:26.309Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
11/9/2020 - 2:46:26.309Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
11/9/2020 - 2:46:26.403Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
11/9/2020 - 2:46:26.403Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
11/9/2020 - 2:46:26.403Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
11/9/2020 - 2:46:26.403Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
11/9/2020 - 2:46:26.497Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
11/9/2020 - 2:46:26.497Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
11/9/2020 - 2:46:26.497Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
11/9/2020 - 2:46:26.497Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
11/9/2020 - 2:46:26.590Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
11/9/2020 - 2:46:26.590Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
11/9/2020 - 2:46:26.590Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
11/9/2020 - 2:46:26.590Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
11/9/2020 - 2:46:26.684Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
11/9/2020 - 2:46:26.684Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
11/9/2020 - 2:46:26.684Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
11/9/2020 - 2:46:26.684Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
11/9/2020 - 2:46:26.778Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
11/9/2020 - 2:46:26.778Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
11/9/2020 - 2:46:26.778Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
11/9/2020 - 2:46:26.778Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
11/9/2020 - 2:46:26.872Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
11/9/2020 - 2:46:26.872Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
11/9/2020 - 2:46:26.872Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
11/9/2020 - 2:46:26.872Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
11/9/2020 - 2:46:26.965Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
11/9/2020 - 2:46:26.965Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
11/9/2020 - 2:46:26.965Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
11/9/2020 - 2:46:26.965Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
11/9/2020 - 2:46:27.59Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
11/9/2020 - 2:46:27.59Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
11/9/2020 - 2:46:27.59Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
11/9/2020 - 2:46:27.59Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
11/9/2020 - 2:46:27.153Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
11/9/2020 - 2:46:27.153Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
11/9/2020 - 2:46:27.153Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
11/9/2020 - 2:46:27.153Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
11/9/2020 - 2:46:27.247Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
11/9/2020 - 2:46:27.247Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
11/9/2020 - 2:46:27.247Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
11/9/2020 - 2:46:27.247Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
11/9/2020 - 2:46:27.559Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
11/9/2020 - 2:46:27.653Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
11/9/2020 - 2:46:27.653Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
11/9/2020 - 2:46:27.653Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
11/9/2020 - 2:46:27.934Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
11/9/2020 - 2:46:28.28Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
11/9/2020 - 2:46:28.28Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
11/9/2020 - 2:46:28.28Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
11/9/2020 - 2:46:28.309Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
11/9/2020 - 2:46:28.403Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
11/9/2020 - 2:46:28.403Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
11/9/2020 - 2:46:28.403Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
11/9/2020 - 2:46:28.497Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
11/9/2020 - 2:46:28.497Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
11/9/2020 - 2:46:28.497Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
11/9/2020 - 2:46:28.497Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
11/9/2020 - 2:46:28.590Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
11/9/2020 - 2:46:28.590Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
11/9/2020 - 2:46:28.590Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
11/9/2020 - 2:46:28.590Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
11/9/2020 - 2:46:28.684Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
11/9/2020 - 2:46:28.684Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
11/9/2020 - 2:46:28.684Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
11/9/2020 - 2:46:28.684Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
11/9/2020 - 2:46:28.778Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
11/9/2020 - 2:46:28.778Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
11/9/2020 - 2:46:28.778Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
11/9/2020 - 2:46:28.778Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
11/9/2020 - 2:46:28.872Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
11/9/2020 - 2:46:28.872Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
11/9/2020 - 2:46:28.872Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
11/9/2020 - 2:46:28.872Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
11/9/2020 - 2:46:28.965Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
11/9/2020 - 2:46:28.965Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
11/9/2020 - 2:46:28.965Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
11/9/2020 - 2:46:28.965Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
11/9/2020 - 2:46:29.59Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
11/9/2020 - 2:46:29.59Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
11/9/2020 - 2:46:29.59Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
11/9/2020 - 2:46:29.59Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
11/9/2020 - 2:46:29.153Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
11/9/2020 - 2:46:29.153Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
11/9/2020 - 2:46:29.153Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
11/9/2020 - 2:46:29.153Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
11/9/2020 - 2:46:29.247Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
11/9/2020 - 2:46:29.247Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
11/9/2020 - 2:46:29.247Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
11/9/2020 - 2:46:29.247Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
11/9/2020 - 2:46:29.340Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
11/9/2020 - 2:46:29.340Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
11/9/2020 - 2:46:29.340Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
11/9/2020 - 2:46:29.340Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
11/9/2020 - 2:46:29.434Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
11/9/2020 - 2:46:29.434Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
11/9/2020 - 2:46:29.434Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
11/9/2020 - 2:46:29.434Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
11/9/2020 - 2:46:29.528Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
11/9/2020 - 2:46:29.528Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/9/2020 - 2:46:29.528Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/9/2020 - 2:46:29.528Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/9/2020 - 2:46:29.622Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/9/2020 - 2:46:29.622Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/9/2020 - 2:46:29.622Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/9/2020 - 2:46:29.622Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/9/2020 - 2:46:29.715Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/9/2020 - 2:46:29.715Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/9/2020 - 2:46:29.715Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/9/2020 - 2:46:29.715Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/9/2020 - 2:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/9/2020 - 2:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/9/2020 - 2:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/9/2020 - 2:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/9/2020 - 2:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/9/2020 - 2:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/9/2020 - 2:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/9/2020 - 2:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/9/2020 - 2:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/9/2020 - 2:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/9/2020 - 2:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/9/2020 - 2:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/9/2020 - 2:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/9/2020 - 2:46:30.137Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/9/2020 - 2:46:30.137Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/9/2020 - 2:46:30.137Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/9/2020 - 2:46:30.231Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/9/2020 - 2:46:30.231Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/9/2020 - 2:46:30.231Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/9/2020 - 2:46:30.231Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/9/2020 - 2:46:30.325Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/9/2020 - 2:46:30.325Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/9/2020 - 2:46:30.325Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/9/2020 - 2:46:30.325Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/9/2020 - 2:46:30.418Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/9/2020 - 2:46:30.418Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/9/2020 - 2:46:30.418Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/9/2020 - 2:46:30.418Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/9/2020 - 2:46:30.512Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/9/2020 - 2:46:30.512Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/9/2020 - 2:46:30.512Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/9/2020 - 2:46:30.512Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/9/2020 - 2:46:30.606Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/9/2020 - 2:46:30.606Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/9/2020 - 2:46:30.606Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/9/2020 - 2:46:30.606Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/9/2020 - 2:46:30.700Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/9/2020 - 2:46:30.700Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/9/2020 - 2:46:30.700Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/9/2020 - 2:46:30.700Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/9/2020 - 2:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/9/2020 - 2:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/9/2020 - 2:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/9/2020 - 2:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/9/2020 - 2:46:30.887Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/9/2020 - 2:46:30.887Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/9/2020 - 2:46:30.887Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/9/2020 - 2:46:30.887Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/9/2020 - 2:46:30.981Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/9/2020 - 2:46:30.981Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/9/2020 - 2:46:30.981Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/9/2020 - 2:46:30.981Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/9/2020 - 2:46:31.75Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/9/2020 - 2:46:31.75Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/9/2020 - 2:46:31.75Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/9/2020 - 2:46:31.75Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/9/2020 - 2:46:31.168Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/9/2020 - 2:46:31.168Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/9/2020 - 2:46:31.168Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/9/2020 - 2:46:31.168Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/9/2020 - 2:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/9/2020 - 2:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/9/2020 - 2:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/9/2020 - 2:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/9/2020 - 2:46:31.356Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/9/2020 - 2:46:31.356Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/9/2020 - 2:46:31.356Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/9/2020 - 2:46:31.356Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/9/2020 - 2:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/9/2020 - 2:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/9/2020 - 2:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/9/2020 - 2:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/9/2020 - 2:46:31.543Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/9/2020 - 2:46:31.543Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/9/2020 - 2:46:31.543Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/9/2020 - 2:46:31.543Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/9/2020 - 2:46:31.637Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/9/2020 - 2:46:31.637Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/9/2020 - 2:46:31.637Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/9/2020 - 2:46:31.637Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/9/2020 - 2:46:31.731Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/9/2020 - 2:46:31.731Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/9/2020 - 2:46:31.731Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/9/2020 - 2:46:31.731Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/9/2020 - 2:46:31.825Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/9/2020 - 2:46:31.825Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/9/2020 - 2:46:31.825Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/9/2020 - 2:46:31.825Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/9/2020 - 2:46:31.918Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/9/2020 - 2:46:31.918Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/9/2020 - 2:46:31.918Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/9/2020 - 2:46:31.918Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/9/2020 - 2:46:32.12Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/9/2020 - 2:46:32.12Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/9/2020 - 2:46:32.12Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/9/2020 - 2:46:32.12Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/9/2020 - 2:46:32.106Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/9/2020 - 2:46:32.106Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/9/2020 - 2:46:32.106Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/9/2020 - 2:46:32.106Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/9/2020 - 2:46:32.200Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/9/2020 - 2:46:32.200Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/9/2020 - 2:46:32.200Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/9/2020 - 2:46:32.200Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/9/2020 - 2:46:32.293Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/9/2020 - 2:46:32.293Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/9/2020 - 2:46:32.293Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/9/2020 - 2:46:32.293Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/9/2020 - 2:46:32.387Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/9/2020 - 2:46:32.387Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/9/2020 - 2:46:32.387Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/9/2020 - 2:46:32.387Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/9/2020 - 2:46:32.481Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/9/2020 - 2:46:32.481Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/9/2020 - 2:46:32.481Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/9/2020 - 2:46:32.481Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/9/2020 - 2:46:32.575Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/9/2020 - 2:46:32.575Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/9/2020 - 2:46:32.575Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/9/2020 - 2:46:32.575Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/9/2020 - 2:46:32.856Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/9/2020 - 2:46:32.997Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/9/2020 - 2:46:32.997Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/9/2020 - 2:46:32.997Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/9/2020 - 2:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/9/2020 - 2:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/9/2020 - 2:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/9/2020 - 2:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/9/2020 - 2:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/9/2020 - 2:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/9/2020 - 2:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/9/2020 - 2:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/9/2020 - 2:46:33.184Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/9/2020 - 2:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/9/2020 - 2:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/9/2020 - 2:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/9/2020 - 2:46:33.512Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/9/2020 - 2:46:33.700Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/9/2020 - 2:46:33.700Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/9/2020 - 2:46:33.700Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/9/2020 - 2:46:33.840Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/9/2020 - 2:46:34.28Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/9/2020 - 2:46:34.28Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/9/2020 - 2:46:34.28Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/9/2020 - 2:46:34.168Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/9/2020 - 2:46:34.356Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/9/2020 - 2:46:34.356Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/9/2020 - 2:46:34.356Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/9/2020 - 2:46:34.684Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/9/2020 - 2:46:34.918Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/9/2020 - 2:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/9/2020 - 2:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/9/2020 - 2:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/9/2020 - 2:46:35.340Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/9/2020 - 2:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/9/2020 - 2:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/9/2020 - 2:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/9/2020 - 2:46:35.715Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/9/2020 - 2:46:36.43Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/9/2020 - 2:46:36.43Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/9/2020 - 2:46:36.43Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/9/2020 - 2:46:36.137Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/9/2020 - 2:46:36.372Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/9/2020 - 2:46:36.372Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/9/2020 - 2:46:36.372Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/9/2020 - 2:46:36.465Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/9/2020 - 2:46:36.465Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/9/2020 - 2:46:36.465Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/9/2020 - 2:46:36.465Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/9/2020 - 2:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/9/2020 - 2:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/9/2020 - 2:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/9/2020 - 2:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/9/2020 - 2:46:36.653Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/9/2020 - 2:46:36.653Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/9/2020 - 2:46:36.653Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/9/2020 - 2:46:36.653Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/9/2020 - 2:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/9/2020 - 2:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/9/2020 - 2:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/9/2020 - 2:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/9/2020 - 2:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/9/2020 - 2:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/9/2020 - 2:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/9/2020 - 2:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/9/2020 - 2:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/9/2020 - 2:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/9/2020 - 2:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/9/2020 - 2:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/9/2020 - 2:46:36.981Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/9/2020 - 2:46:37.28Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/9/2020 - 2:46:37.28Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/9/2020 - 2:46:37.28Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/9/2020 - 2:46:37.168Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/9/2020 - 2:46:37.215Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/9/2020 - 2:46:37.215Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/9/2020 - 2:46:37.215Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/9/2020 - 2:46:37.356Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/9/2020 - 2:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/9/2020 - 2:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/9/2020 - 2:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/9/2020 - 2:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/9/2020 - 2:46:37.590Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/9/2020 - 2:46:37.590Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/9/2020 - 2:46:37.590Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/9/2020 - 2:46:37.684Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/9/2020 - 2:46:37.778Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/9/2020 - 2:46:37.778Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/9/2020 - 2:46:37.778Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/9/2020 - 2:46:37.872Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/9/2020 - 2:46:37.965Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/9/2020 - 2:46:37.965Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/9/2020 - 2:46:37.965Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/9/2020 - 2:46:38.59Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/9/2020 - 2:46:38.153Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/9/2020 - 2:46:38.153Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/9/2020 - 2:46:38.153Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/9/2020 - 2:46:38.247Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/9/2020 - 2:46:38.340Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/9/2020 - 2:46:38.340Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/9/2020 - 2:46:38.340Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/9/2020 - 2:46:38.434Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/9/2020 - 2:46:38.481Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/9/2020 - 2:46:38.481Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/9/2020 - 2:46:38.481Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/9/2020 - 2:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/9/2020 - 2:46:38.622Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/9/2020 - 2:46:38.622Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/9/2020 - 2:46:38.622Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/9/2020 - 2:46:38.715Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/9/2020 - 2:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/9/2020 - 2:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/9/2020 - 2:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/9/2020 - 2:46:38.856Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/9/2020 - 2:46:38.903Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/9/2020 - 2:46:38.903Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/9/2020 - 2:46:38.903Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/9/2020 - 2:46:38.997Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/9/2020 - 2:46:38.997Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/9/2020 - 2:46:38.997Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/9/2020 - 2:46:38.997Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/9/2020 - 2:46:39.90Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/9/2020 - 2:46:39.90Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/9/2020 - 2:46:39.90Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/9/2020 - 2:46:39.90Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/9/2020 - 2:46:39.231Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/9/2020 - 2:46:40.825Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/9/2020 - 2:46:40.825Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/9/2020 - 2:46:40.825Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/9/2020 - 2:46:40.918Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/9/2020 - 2:46:40.918Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/9/2020 - 2:46:40.918Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/9/2020 - 2:46:40.918Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/9/2020 - 2:46:41.12Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/9/2020 - 2:46:41.12Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/9/2020 - 2:46:41.12Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/9/2020 - 2:46:41.12Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/9/2020 - 2:46:41.106Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/9/2020 - 2:46:41.106Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/9/2020 - 2:46:41.106Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/9/2020 - 2:46:41.106Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/9/2020 - 2:46:41.200Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/9/2020 - 2:46:41.200Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/9/2020 - 2:46:41.200Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/9/2020 - 2:46:41.200Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/9/2020 - 2:46:41.340Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/9/2020 - 2:46:41.340Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/9/2020 - 2:46:41.340Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/9/2020 - 2:46:41.340Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/9/2020 - 2:46:41.481Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/9/2020 - 2:46:41.481Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/9/2020 - 2:46:41.481Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/9/2020 - 2:46:41.481Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/9/2020 - 2:46:41.622Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/9/2020 - 2:46:41.622Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/9/2020 - 2:46:41.622Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/9/2020 - 2:46:41.622Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/9/2020 - 2:46:41.762Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/9/2020 - 2:46:41.762Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/9/2020 - 2:46:41.762Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/9/2020 - 2:46:41.762Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/9/2020 - 2:46:41.856Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/9/2020 - 2:46:41.856Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/9/2020 - 2:46:41.856Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/9/2020 - 2:46:41.856Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/9/2020 - 2:46:41.950Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/9/2020 - 2:46:41.950Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/9/2020 - 2:46:41.950Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/9/2020 - 2:46:41.950Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/9/2020 - 2:46:42.43Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/9/2020 - 2:46:42.43Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/9/2020 - 2:46:42.43Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/9/2020 - 2:46:42.43Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/9/2020 - 2:46:42.137Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/9/2020 - 2:46:42.137Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/9/2020 - 2:46:42.137Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/9/2020 - 2:46:42.137Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/9/2020 - 2:46:42.231Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/9/2020 - 2:46:42.231Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/9/2020 - 2:46:42.231Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/9/2020 - 2:46:42.231Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/9/2020 - 2:46:42.325Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/9/2020 - 2:46:42.325Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/9/2020 - 2:46:42.325Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/9/2020 - 2:46:42.325Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/9/2020 - 2:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/9/2020 - 2:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/9/2020 - 2:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/9/2020 - 2:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/9/2020 - 2:46:42.606Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/9/2020 - 2:46:42.606Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/9/2020 - 2:46:42.606Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/9/2020 - 2:46:42.606Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/9/2020 - 2:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/9/2020 - 2:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/9/2020 - 2:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/9/2020 - 2:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/9/2020 - 2:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/9/2020 - 2:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/9/2020 - 2:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/9/2020 - 2:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/9/2020 - 2:46:42.981Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/9/2020 - 2:46:42.981Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/9/2020 - 2:46:42.981Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.28Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.75Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.122Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/9/2020 - 2:46:43.122Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.168Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.215Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.262Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.309Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.356Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.403Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.450Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/9/2020 - 2:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/9/2020 - 2:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/9/2020 - 2:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:43.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:43.965Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:43.965Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:43.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:44.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:44.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:44.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:44.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:44.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:44.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:44.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:44.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:44.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:45.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:45.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:45.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:46.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:46.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:46.153Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:46.153Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:46.293Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:46.293Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:46.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:46.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.387Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.434Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.481Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.528Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.575Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.622Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.668Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.715Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:46.715Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:46.715Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.762Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.856Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.903Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:46.903Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:46.903Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.903Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:46.903Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.903Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.903Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.950Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
11/9/2020 - 2:46:46.950Open1480C:\malware.exeC:\VERSION.dll
11/9/2020 - 2:46:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:46:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:46:46.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:46.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.997Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:46.997Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:46.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:47.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:47.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:47.840Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:46:47.840Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
11/9/2020 - 2:46:48.28Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
11/9/2020 - 2:46:48.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.497Open1480C:\malware.exeC:\malware.config
11/9/2020 - 2:46:48.497Open1480C:\malware.exeC:\pt-BR\LEmZq.resources.dll
11/9/2020 - 2:46:48.497Open1480C:\malware.exeC:\pt-BR\LEmZq.resources\LEmZq.resources.dll
11/9/2020 - 2:46:48.497Open1480C:\malware.exeC:\pt-BR\LEmZq.resources.exe
11/9/2020 - 2:46:48.497Open1480C:\malware.exeC:\pt-BR\LEmZq.resources\LEmZq.resources.exe
11/9/2020 - 2:46:48.497Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:46:48.497Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:48.637Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:48.637Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:48.637Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\pt\LEmZq.resources.dll
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\pt\LEmZq.resources\LEmZq.resources.dll
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\pt\LEmZq.resources.exe
11/9/2020 - 2:46:48.637Open1480C:\malware.exeC:\pt\LEmZq.resources\LEmZq.resources.exe
11/9/2020 - 2:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:48.793Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:48.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:48.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:49.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:49.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:49.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.247Open1480C:\malware.exeC:\WindowsCodecs.dll
11/9/2020 - 2:47:30.247Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
11/9/2020 - 2:47:30.247Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
11/9/2020 - 2:47:30.247Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
11/9/2020 - 2:47:30.247Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
11/9/2020 - 2:47:30.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:30.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:30.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:31.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:31.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:32.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:32.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:32.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:32.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:32.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:32.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:32.497Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
11/9/2020 - 2:47:32.543Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:47:32.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:47:32.637Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:47:32.637Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:47:32.731Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:32.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:47:32.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:32.778Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:32.825Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:32.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:32.918Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:32.965Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:47:32.965Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:47:32.965Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:47:32.965Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:47:32.965Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:32.965Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:47:32.965Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:32.965Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:32.965Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:33.12Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:33.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:33.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:33.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:33.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:33.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:33.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:34.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:34.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:35.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:35.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.590Open1480C:\malware.exeC:\ntdll.dll
11/9/2020 - 2:47:35.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.637Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
11/9/2020 - 2:47:35.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:35.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\pt-BR\Loreal.resources.dll
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\pt-BR\Loreal.resources\Loreal.resources.dll
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\pt-BR\Loreal.resources.exe
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\pt-BR\Loreal.resources\Loreal.resources.exe
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\pt\Loreal.resources.dll
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\pt\Loreal.resources\Loreal.resources.dll
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\pt\Loreal.resources.exe
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\pt\Loreal.resources\Loreal.resources.exe
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\iSFKdXfkTGTpUIpMXiawNweqfchq.dll
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\iSFKdXfkTGTpUIpMXiawNweqfchq\iSFKdXfkTGTpUIpMXiawNweqfchq.dll
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\iSFKdXfkTGTpUIpMXiawNweqfchq.exe
11/9/2020 - 2:47:35.918Open1480C:\malware.exeC:\iSFKdXfkTGTpUIpMXiawNweqfchq\iSFKdXfkTGTpUIpMXiawNweqfchq.exe
11/9/2020 - 2:47:35.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:35.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.403Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.637Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\
11/9/2020 - 2:47:36.637Unknown1480C:\malware.exeC:\
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.637Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.637Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:36.637Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:36.637Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ui\SwDRM.dll
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
11/9/2020 - 2:47:36.637Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Prefetch\REGSVCS.EXE-6C19C8B1.pf
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64win.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64win.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64cpu.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64cpu.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64log.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:36.684Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mscoree.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mscoree.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sechost.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sechost.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.684Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:47:36.684Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:47:36.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:36.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:36.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.700Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1117921
11/9/2020 - 2:47:36.700Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1117921
11/9/2020 - 2:47:36.700Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1117921
11/9/2020 - 2:47:36.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:47:36.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:36.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:47:36.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:47:36.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/9/2020 - 2:47:36.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:47:36.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:47:36.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
11/9/2020 - 2:47:36.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:47:36.715Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.715Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:47:36.715Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.715Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:36.715Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:36.715Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:47:36.762Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.762Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:36.762Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
11/9/2020 - 2:47:36.762Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
11/9/2020 - 2:47:36.762Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:47:36.762Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\CRYPTSP.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.762Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.778Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.778Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.778Open1480C:\malware.exeC:\RpcRtRemote.dll
11/9/2020 - 2:47:36.778Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:47:36.778Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:47:36.778Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:47:36.778Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:47:36.825Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:47:36.825Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.825Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\l_intl.nls
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CRYPTSP.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.825Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\pubpol4.dat
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:47:36.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:47:36.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:36.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:36.903Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:36.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:36.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.950Unknown1480C:\malware.exeC:\Windows
11/9/2020 - 2:47:36.950Unknown1480C:\malware.exeC:\Monitor
11/9/2020 - 2:47:36.950Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.950Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:36.950Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:47:36.950Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:36.997Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:37.43Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:37.90Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:37.137Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:37.184Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:47:37.231Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:47:37.231Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\pt-br.nlp
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:47:37.231Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:47:37.231Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:37.231Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:37.231Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:37.231Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:37.231Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:37.231Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:37.231Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:37.231Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\bcrypt.dll
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\bcrypt.dll
11/9/2020 - 2:47:37.231Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\bcrypt.dll
11/9/2020 - 2:47:37.278Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.325Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.372Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.418Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.465Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.512Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.559Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.606Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.653Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:37.747Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\dwmapi.dll
11/9/2020 - 2:47:37.747Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\dwmapi.dll
11/9/2020 - 2:47:37.747Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\dwmapi.dll
11/9/2020 - 2:47:37.747Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:37.793Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:37.840Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:37.887Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:37.934Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:37.981Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:38.28Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:38.75Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:38.122Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:38.168Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:38.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:38.262Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:38.309Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:38.309Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:38.309Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:38.309Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:47:38.309Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:47:38.309Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:38.356Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:47:38.356Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:38.403Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:38.450Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:38.497Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:49.918Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
11/9/2020 - 2:47:49.918Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:49.918Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:49.918Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:49.918Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:50.12Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RpcRtRemote.dll
11/9/2020 - 2:47:50.12Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:47:50.12Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:47:50.12Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:47:50.12Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:47:50.59Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
11/9/2020 - 2:47:50.59Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
11/9/2020 - 2:47:50.59Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
11/9/2020 - 2:47:50.59Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbemcomn.dll
11/9/2020 - 2:47:50.59Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbemcomn.dll
11/9/2020 - 2:47:50.75Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\Logs
11/9/2020 - 2:47:50.75Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\Logs
11/9/2020 - 2:47:50.75Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\advapi32.dll
11/9/2020 - 2:47:50.75Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\advapi32.dll
11/9/2020 - 2:47:50.75Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
11/9/2020 - 2:47:50.75Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
11/9/2020 - 2:47:50.75Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
11/9/2020 - 2:47:50.75Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
11/9/2020 - 2:47:50.372Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
11/9/2020 - 2:47:50.372Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
11/9/2020 - 2:47:50.840Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\fastprox.dll
11/9/2020 - 2:47:50.840Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\fastprox.dll
11/9/2020 - 2:47:50.840Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
11/9/2020 - 2:47:50.840Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\ntdsapi.dll
11/9/2020 - 2:47:50.840Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\ntdsapi.dll
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:51.215Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\SXS.DLL
11/9/2020 - 2:47:51.215Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sxs.dll
11/9/2020 - 2:47:51.215Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sxs.dll
11/9/2020 - 2:47:51.215Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:47:51.215Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:51.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
11/9/2020 - 2:47:51.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:51.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
11/9/2020 - 2:47:51.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
11/9/2020 - 2:47:51.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
11/9/2020 - 2:47:51.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:51.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:51.700Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:51.700Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:51.715Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:51.715Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:51.715Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:51.715Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:51.715Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:51.715Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\oleaut32.DLL
11/9/2020 - 2:47:52.590Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
11/9/2020 - 2:47:52.590Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:52.590Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.590Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.637Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:52.684Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.731Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.778Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:52.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:52.918Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.918Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:52.965Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:53.12Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:53.59Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:53.106Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
11/9/2020 - 2:47:53.153Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:47:53.153Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
11/9/2020 - 2:47:53.153Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:47:53.200Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:47:53.247Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:47:53.293Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:47:53.340Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
11/9/2020 - 2:47:53.340Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:47:53.340Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:47:53.340Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:53.340Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:53.340Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:53.340Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:47:53.340Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:47:53.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
11/9/2020 - 2:47:58.668Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:59.887Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:59.887Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:59.887Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:48:2.981Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:3.75Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:48:6.168Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData
11/9/2020 - 2:48:6.168Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:48:6.168Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users
11/9/2020 - 2:48:6.168Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA
11/9/2020 - 2:48:6.168Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:6.168Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:6.168Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:6.168Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:6.168Write2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:6.168Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:6.168Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:10.340Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:10.340Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:10.340Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe:Zone.Identifier
11/9/2020 - 2:48:21.637Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:21.684Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:21.731Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:21.778Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:21.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:21.872Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:21.918Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:21.965Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.12Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.59Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\shfolder.dll
11/9/2020 - 2:48:22.59Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\shfolder.dll
11/9/2020 - 2:48:22.59Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\shfolder.dll
11/9/2020 - 2:48:22.59Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:48:22.59Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:48:22.59Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.106Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.153Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.200Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.247Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.293Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.356Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:48:22.403Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Epic Privacy Browser\User Data
11/9/2020 - 2:48:22.403Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
11/9/2020 - 2:48:22.403Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
11/9/2020 - 2:48:22.403Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Iridium\User Data
11/9/2020 - 2:48:22.403Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
11/9/2020 - 2:48:22.403Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
11/9/2020 - 2:48:22.403Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
11/9/2020 - 2:48:22.403Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Chedot\User Data
11/9/2020 - 2:48:22.403Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\QIP Surf\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Torch\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CocCoc\Browser\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Kometa\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\liebao\User Data
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
11/9/2020 - 2:48:22.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Chromium\User Data
11/9/2020 - 2:48:22.418Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor\Folder.lst
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\en-us.nlp
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:48:22.465Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:48:22.465Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:22.465Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:48:22.465Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:48:22.465Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:48:22.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:48:22.528Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:48:22.528Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:48:22.528Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:48:22.528Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:48:22.528Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:48:22.528Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:48:22.528Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:48:22.528Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:22.809Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:22.809Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:48:22.809Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Storage
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\mail
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
11/9/2020 - 2:48:22.809Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
11/9/2020 - 2:48:22.809Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.809Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.809Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.809Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.809Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.809Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.809Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:22.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
11/9/2020 - 2:48:22.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:48:22.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:48:22.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.825Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
11/9/2020 - 2:48:22.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
11/9/2020 - 2:48:22.825Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\The Bat!
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
11/9/2020 - 2:48:22.887Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\UCBrowser
11/9/2020 - 2:48:22.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
11/9/2020 - 2:48:22.903Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
11/9/2020 - 2:48:22.903Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.950Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:22.997Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.43Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.90Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.137Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.184Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.231Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.278Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.325Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.372Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.418Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
11/9/2020 - 2:48:23.418Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:23.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
11/9/2020 - 2:48:23.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
11/9/2020 - 2:48:23.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\vaultcli.dll
11/9/2020 - 2:48:23.465Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\vaultcli.dll
11/9/2020 - 2:48:24.262Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:24.262Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
11/9/2020 - 2:48:24.262Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
11/9/2020 - 2:48:24.262Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
11/9/2020 - 2:48:24.262Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
11/9/2020 - 2:48:24.262Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
11/9/2020 - 2:48:24.262Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
11/9/2020 - 2:48:24.262Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:48:24.278Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:48:24.293Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:48:24.293Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:48:24.293Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:48:24.293Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:48:24.293Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)
11/9/2020 - 2:48:24.293Unknown2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)
11/9/2020 - 2:48:24.293Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:24.340Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:24.387Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
11/9/2020 - 2:48:24.387Read2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:48:33.184Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
11/9/2020 - 2:48:33.184Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
11/9/2020 - 2:48:33.184Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
11/9/2020 - 2:48:33.184Open2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll

Process
Trace
11/9/2020 - 2:47:36.637Create1480C:\malware.exe2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
11/9/2020 - 2:45:59.184Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath
11/9/2020 - 2:48:6.215Write2600C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeHKCU\Software\Microsoft\Windows\CurrentVersion\RunBAVLA

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 66.25%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 98.29%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 59.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 82.38%
suspicious: False cancel

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.98%
suspicious: True check_circle

Add to Collection
Download