Report #11336

Binary
DLL
False
Size
1.13MB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
4db1ef83a3e45e00c19288dd2269d0e8
sha1
b027dc36bd615bfc13a3c3239122e91499a68ee8
crc32
0x3cf3f2a6
sha224
d88428d8f0a8e78e5c6d129d0620731ebc97286ead8e442f97391fcf
sha256
679e037a08f7c9d5f0fcdf6aad2a83aab5fc7a91e176a22f5b2064d4db1364c6
sha384
f72cda09d8d80dc5d46561797be56e9ad19c4de46b2cf41897f8e651b66551ad1dea486197f7a7e803d2dc8db8edca24
sha512
16efa62808664225e5e928bc7ca48e9fc433b904e344749fb11f4d4e96200dc036858033c3246b31ea487e5c3051fce4127e2ddbf9068366c9fa95332d442e6a
ssdeep
24576:IHqEidpYNGRl4Mmbc1QtfnH9yFFHtBDRk8axPQAdq31q:I7ypRl4MmbbfH9oFNpZ6Pyk
Community
Google
False
HashLib
False
YARA
Matches


Suspicious
False

Strings
List


Foremost
Matches
0.exe, 1 MB, 192.png, 746 KB, 1902.png, 13 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed
hasFiles: False
Suspicious
hasAllowed: False
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 218112
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 8.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 976974
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed
hasLibs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Timestamp
Past: False
Valid: False
Value: 0
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 13
.text: 450

pushpopmath
.rsrc: 5
.text: 498

ss register
.text: 10

garbagebytes
.rsrc: 5
.text: 143

hookdetection
.text: 14

software breakpoint
.text: 18

fakeconditionaljumps
.text: 14

programcontrolflowchange
.rsrc: 5
.text: 130

cpuinstructionsresultscomparison
.rsrc: 52
.text: 25

AVclass
packednet
1
VirusTotal
SCANS (DETECTION RATE = 75.36%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200814
version: 18.4.3895.0
detected: True

CMC
update: 20200814
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=84)
update: 20200814
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200813
version: 6.59
detected: True

Bkav
update: 20200814
version: 1.3.0.9899
detected: False

K7GW
result: Riskware ( 0040eff71 )
update: 20200814
version: 11.130.34992
detected: True

ALYac
result: Trojan.GenericKD.43611795
update: 20200814
version: 1.1.1.5
detected: True

Avira
result: TR/Kryptik.rlwmy
update: 20200814
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 85)
update: 20200814
version: 4.0.0.24
detected: True

Cyren
result: W32/Ursu.DF.gen!Eldorado
update: 20200814
version: 6.3.0.2
detected: True

DrWeb
result: Trojan.PackedNET.405
update: 20200814
version: 7.0.46.3050
detected: True

GData
result: Trojan.GenericKD.43611795
update: 20200814
version: A:25.26591B:27.19799
detected: True

Panda
result: Trj/GdSda.A
update: 20200813
version: 4.6.4.2
detected: True

VBA32
result: TScope.Trojan.MSIL
update: 20200814
version: 4.4.1
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200814
version: 85928
detected: True

Zoner
update: 20200813
version: 0.0.0.0
detected: False

ClamAV
update: 20200813
version: 0.102.4.0
detected: False

Comodo
update: 20200728
version: 32668
detected: False

F-Prot
result: W32/Ursu.DF.gen!Eldorado
update: 20200814
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.Inject
update: 20200814
version: 0.1.5.2
detected: True

McAfee
result: Fareit-FXH!4DB1EF83A3E4
update: 20200814
version: 6.0.6.653
detected: True

Rising
result: Trojan.Ludicrouz!8.FB9A (CLOUD)
update: 20200814
version: 25.0.0.26
detected: True

Sophos
result: Mal/Generic-S
update: 20200814
version: 4.98.0
detected: True

Yandex
update: 20200707
version: 5.5.2.24
detected: False

Zillya
update: 20200814
version: 2.0.0.4154
detected: False

Acronis
update: 20200806
version: 1.1.1.77
detected: False

Alibaba
result: Trojan:MSIL/Kryptik.654ecd5b
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D2997693
update: 20200814
version: 1.0.0.877
detected: True

Cylance
result: Unsafe
update: 20200814
version: 2.3.1.101
detected: True

Elastic
result: malicious (high confidence)
update: 20200727
version: 4.0.6
detected: True

FireEye
result: Generic.mg.4db1ef83a3e45e00
update: 20200814
version: 32.36.1.0
detected: True

Sangfor
result: Malware
update: 20200814
version: 1.0
detected: True

TACHYON
update: 20200814
version: 2020-08-14.02
detected: False

Tencent
update: 20200814
version: 1.0.0.1
detected: False

ViRobot
update: 20200814
version: 2014.3.20.0
detected: False

Webroot
result: W32.Trojan.Gen
update: 20200814
version: 1.0.0.403
detected: True

eGambit
result: Unsafe.AI_Score_99%
update: 20200814
detected: True

Ad-Aware
result: Trojan.GenericKD.43611795
update: 20200814
version: 3.0.16.117
detected: True

AegisLab
result: Trojan.Win32.Malicious.4!c
update: 20200814
version: 4.2
detected: True

F-Secure
result: Trojan.TR/Kryptik.rlwmy
update: 20200814
version: 12.0.86.52
detected: True

Fortinet
result: MSIL/Kryptik.XGR!tr
update: 20200814
version: 6.2.142.0
detected: True

Invincea
result: heuristic
update: 20200502
version: 6.3.6.26157
detected: True

Jiangmin
update: 20200814
version: 16.0.100
detected: False

Kingsoft
update: 20200814
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200814
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20200814
version: 1.11.0.0
detected: True

AhnLab-V3
result: Trojan/Win32.KeyLogger.C854703
update: 20200814
version: 3.18.1.10026
detected: True

Antiy-AVL
result: Trojan/MSIL.Kryptik
update: 20200814
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200814
version: 15.0.1.13
detected: True

MaxSecure
result: Trojan.Malware.300983.susgen
update: 20200813
version: 1.0.0.1
detected: True

Microsoft
result: Trojan:MSIL/Masson.KB
update: 20200814
version: 1.1.17300.4
detected: True

Qihoo-360
result: Win32/Trojan.PWS.d75
update: 20200814
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200814
version: 1.0
detected: True

Cybereason
result: malicious.6bd615
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of MSIL/Kryptik.XGR
update: 20200814
version: 21821
detected: True

TrendMicro
result: PUA.MSIL.Ludicrouz.USXVPH720
update: 20200814
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.43611795
update: 20200814
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20200814
version: 11.129.34991
detected: True

SentinelOne
result: DFI - Malicious PE
update: 20200724
version: 4.4.0.0
detected: True

Malwarebytes
result: Backdoor.Agent.PDL
update: 20200814
version: 3.6.4.335
detected: True

TotalDefense
update: 20200814
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200814
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Win32.PackedNET.hqyyju
update: 20200814
version: 1.0.134.25119
detected: True

BitDefenderTheta
result: Gen:NN.ZemsilF.34152.in0@amBlrqc
update: 20200805
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.43611795
update: 20200814
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200814
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
result: PUA.MSIL.Ludicrouz.USXVPH720
update: 20200814
version: 10.0.0.1040
detected: True

total
69
scan_id
679e037a08f7c9d5f0fcdf6aad2a83aab5fc7a91e176a22f5b2064d4db1364c6-1597400238
resource
4db1ef83a3e45e00c19288dd2269d0e8
positives
52
scan_date
2020-08-14 10:17:18
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
11/9/2020 - 2:45:46.747Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:46.747Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:45:46.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:46.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:46.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:47.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:48.575Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.247Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:49.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:49.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:45:49.715Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:45:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:50.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:50.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:50.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:50.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:50.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
11/9/2020 - 2:45:51.590Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/9/2020 - 2:45:51.637Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/9/2020 - 2:45:51.684Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/9/2020 - 2:45:51.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/9/2020 - 2:45:51.778Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/9/2020 - 2:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.840Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:52.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:52.793Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
11/9/2020 - 2:45:52.793Open1480C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:45:52.793Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:45:52.793Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:45:52.793Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:45:52.793Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\ShFolder.DLL
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:52.840Unknown1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:52.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:52.840Unknown1480C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:52.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:52.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:52.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/9/2020 - 2:45:52.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/9/2020 - 2:45:52.856Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/9/2020 - 2:45:52.856Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/9/2020 - 2:45:52.856Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/9/2020 - 2:45:52.856Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/9/2020 - 2:45:52.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:52.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:52.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:52.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:53.278Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:53.325Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:53.372Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/9/2020 - 2:45:53.372Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/9/2020 - 2:45:53.372Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/9/2020 - 2:45:53.372Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/9/2020 - 2:45:53.512Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/9/2020 - 2:45:53.559Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/9/2020 - 2:45:53.559Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/9/2020 - 2:45:53.559Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/9/2020 - 2:45:53.653Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/9/2020 - 2:45:53.700Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/9/2020 - 2:45:53.700Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/9/2020 - 2:45:53.700Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/9/2020 - 2:45:53.840Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/9/2020 - 2:45:53.887Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/9/2020 - 2:45:53.887Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/9/2020 - 2:45:53.887Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/9/2020 - 2:45:54.28Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/9/2020 - 2:45:54.75Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/9/2020 - 2:45:54.75Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/9/2020 - 2:45:54.75Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/9/2020 - 2:45:54.168Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/9/2020 - 2:45:54.168Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/9/2020 - 2:45:54.168Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/9/2020 - 2:45:54.168Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/9/2020 - 2:45:54.262Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/9/2020 - 2:45:54.262Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/9/2020 - 2:45:54.262Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/9/2020 - 2:45:54.262Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/9/2020 - 2:45:54.356Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/9/2020 - 2:45:54.356Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/9/2020 - 2:45:54.356Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/9/2020 - 2:45:54.356Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/9/2020 - 2:45:54.497Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/9/2020 - 2:45:54.497Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/9/2020 - 2:45:54.497Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/9/2020 - 2:45:54.497Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/9/2020 - 2:45:54.637Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/9/2020 - 2:45:54.684Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/9/2020 - 2:45:54.684Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/9/2020 - 2:45:54.684Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/9/2020 - 2:45:54.778Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/9/2020 - 2:45:54.825Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/9/2020 - 2:45:54.825Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/9/2020 - 2:45:54.825Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/9/2020 - 2:45:54.918Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/9/2020 - 2:45:54.918Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/9/2020 - 2:45:54.918Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/9/2020 - 2:45:54.918Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/9/2020 - 2:45:55.12Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/9/2020 - 2:45:55.12Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:45:55.12Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:45:55.12Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:45:55.575Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:45:55.997Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:45:56.43Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:45:56.90Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/9/2020 - 2:45:56.90Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/9/2020 - 2:45:56.90Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/9/2020 - 2:45:56.90Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/9/2020 - 2:45:56.184Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/9/2020 - 2:45:56.184Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/9/2020 - 2:45:56.184Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/9/2020 - 2:45:56.184Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/9/2020 - 2:45:56.325Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/9/2020 - 2:45:56.325Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/9/2020 - 2:45:56.325Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/9/2020 - 2:45:56.325Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/9/2020 - 2:45:56.418Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/9/2020 - 2:45:56.418Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/9/2020 - 2:45:56.418Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/9/2020 - 2:45:56.418Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/9/2020 - 2:45:56.512Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/9/2020 - 2:45:56.559Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/9/2020 - 2:45:56.559Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/9/2020 - 2:45:56.559Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/9/2020 - 2:45:56.653Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/9/2020 - 2:45:56.700Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/9/2020 - 2:45:56.700Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/9/2020 - 2:45:56.700Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/9/2020 - 2:45:56.793Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/9/2020 - 2:45:56.793Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/9/2020 - 2:45:56.793Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/9/2020 - 2:45:56.793Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/9/2020 - 2:45:56.887Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/9/2020 - 2:45:56.887Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/9/2020 - 2:45:56.887Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/9/2020 - 2:45:56.887Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/9/2020 - 2:45:56.981Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/9/2020 - 2:45:57.28Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/9/2020 - 2:45:57.28Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/9/2020 - 2:45:57.28Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/9/2020 - 2:45:57.122Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/9/2020 - 2:45:57.168Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/9/2020 - 2:45:57.168Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/9/2020 - 2:45:57.168Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/9/2020 - 2:45:57.262Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/9/2020 - 2:45:57.262Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/9/2020 - 2:45:57.262Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/9/2020 - 2:45:57.262Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/9/2020 - 2:45:57.356Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/9/2020 - 2:45:57.356Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/9/2020 - 2:45:57.356Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/9/2020 - 2:45:57.356Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/9/2020 - 2:45:57.450Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/9/2020 - 2:45:57.450Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/9/2020 - 2:45:57.450Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/9/2020 - 2:45:57.450Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/9/2020 - 2:45:57.543Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/9/2020 - 2:45:57.543Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/9/2020 - 2:45:57.543Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/9/2020 - 2:45:57.543Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/9/2020 - 2:45:57.637Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/9/2020 - 2:45:57.684Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:45:57.684Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:45:57.684Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:45:57.965Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:45:58.106Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/9/2020 - 2:45:58.106Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/9/2020 - 2:45:58.106Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/9/2020 - 2:45:58.387Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/9/2020 - 2:45:58.528Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/9/2020 - 2:45:58.528Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/9/2020 - 2:45:58.528Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/9/2020 - 2:45:58.668Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/9/2020 - 2:45:58.715Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/9/2020 - 2:45:58.715Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/9/2020 - 2:45:58.715Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/9/2020 - 2:45:58.809Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/9/2020 - 2:45:58.856Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:45:58.856Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:45:58.856Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:45:59.512Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:0.215Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:0.590Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:1.12Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/9/2020 - 2:46:1.387Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:1.387Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:1.387Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:2.43Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:2.747Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:3.153Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:3.575Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/9/2020 - 2:46:3.950Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/9/2020 - 2:46:3.950Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/9/2020 - 2:46:3.950Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/9/2020 - 2:46:4.137Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/9/2020 - 2:46:4.184Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:4.184Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:4.184Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:4.512Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:4.840Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/9/2020 - 2:46:4.840Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/9/2020 - 2:46:4.840Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/9/2020 - 2:46:5.168Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/9/2020 - 2:46:5.450Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:5.450Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:5.450Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:5.825Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:6.200Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/9/2020 - 2:46:6.200Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/9/2020 - 2:46:6.200Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/9/2020 - 2:46:6.575Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/9/2020 - 2:46:6.950Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:6.950Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:6.950Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:7.465Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:7.840Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:7.840Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/9/2020 - 2:46:7.840Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:7.840Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:7.840Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:8.356Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:8.778Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:8.778Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/9/2020 - 2:46:8.778Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/9/2020 - 2:46:8.778Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/9/2020 - 2:46:8.778Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/9/2020 - 2:46:8.918Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/9/2020 - 2:46:9.12Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:9.12Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:9.12Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:9.434Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:9.762Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:9.903Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/9/2020 - 2:46:9.997Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:9.997Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:9.997Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:10.372Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:10.700Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/9/2020 - 2:46:10.793Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/9/2020 - 2:46:10.793Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/9/2020 - 2:46:10.793Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/9/2020 - 2:46:10.887Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/9/2020 - 2:46:10.887Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/9/2020 - 2:46:10.887Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/9/2020 - 2:46:10.887Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/9/2020 - 2:46:10.981Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/9/2020 - 2:46:10.981Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/9/2020 - 2:46:10.981Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/9/2020 - 2:46:10.981Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/9/2020 - 2:46:11.75Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/9/2020 - 2:46:11.75Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/9/2020 - 2:46:11.75Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/9/2020 - 2:46:11.75Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/9/2020 - 2:46:11.215Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/9/2020 - 2:46:11.309Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/9/2020 - 2:46:11.309Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/9/2020 - 2:46:11.309Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/9/2020 - 2:46:11.450Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/9/2020 - 2:46:11.497Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/9/2020 - 2:46:11.497Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/9/2020 - 2:46:11.497Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/9/2020 - 2:46:11.637Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/9/2020 - 2:46:11.637Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/9/2020 - 2:46:11.637Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/9/2020 - 2:46:11.637Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/9/2020 - 2:46:11.778Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/9/2020 - 2:46:11.778Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/9/2020 - 2:46:11.778Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/9/2020 - 2:46:11.778Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/9/2020 - 2:46:11.872Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/9/2020 - 2:46:11.872Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/9/2020 - 2:46:11.872Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/9/2020 - 2:46:11.872Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/9/2020 - 2:46:11.965Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/9/2020 - 2:46:11.965Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/9/2020 - 2:46:11.965Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/9/2020 - 2:46:11.965Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/9/2020 - 2:46:12.106Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/9/2020 - 2:46:12.247Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/9/2020 - 2:46:12.247Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/9/2020 - 2:46:12.247Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/9/2020 - 2:46:12.387Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/9/2020 - 2:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/9/2020 - 2:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/9/2020 - 2:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/9/2020 - 2:46:12.575Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/9/2020 - 2:46:12.575Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/9/2020 - 2:46:12.575Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/9/2020 - 2:46:12.575Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/9/2020 - 2:46:12.622Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/9/2020 - 2:46:12.622Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/9/2020 - 2:46:12.622Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/9/2020 - 2:46:12.622Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/9/2020 - 2:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/9/2020 - 2:46:12.856Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/9/2020 - 2:46:12.997Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/9/2020 - 2:46:13.43Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/9/2020 - 2:46:13.43Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/9/2020 - 2:46:13.43Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/9/2020 - 2:46:13.184Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/9/2020 - 2:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:13.372Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:13.465Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/9/2020 - 2:46:13.465Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/9/2020 - 2:46:13.465Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/9/2020 - 2:46:13.465Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/9/2020 - 2:46:13.793Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/9/2020 - 2:46:13.981Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/9/2020 - 2:46:13.981Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/9/2020 - 2:46:13.981Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/9/2020 - 2:46:14.75Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/9/2020 - 2:46:14.75Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/9/2020 - 2:46:14.75Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/9/2020 - 2:46:14.75Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/9/2020 - 2:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/9/2020 - 2:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/9/2020 - 2:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/9/2020 - 2:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/9/2020 - 2:46:14.262Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/9/2020 - 2:46:14.262Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/9/2020 - 2:46:14.262Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/9/2020 - 2:46:14.262Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/9/2020 - 2:46:14.262Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/9/2020 - 2:46:14.262Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/9/2020 - 2:46:14.262Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/9/2020 - 2:46:14.262Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/9/2020 - 2:46:14.403Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/9/2020 - 2:46:14.497Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/9/2020 - 2:46:14.497Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/9/2020 - 2:46:14.497Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/9/2020 - 2:46:14.543Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/9/2020 - 2:46:14.543Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/9/2020 - 2:46:14.543Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/9/2020 - 2:46:14.543Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/9/2020 - 2:46:14.684Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/9/2020 - 2:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/9/2020 - 2:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/9/2020 - 2:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/9/2020 - 2:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/9/2020 - 2:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/9/2020 - 2:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/9/2020 - 2:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/9/2020 - 2:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/9/2020 - 2:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/9/2020 - 2:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/9/2020 - 2:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/9/2020 - 2:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/9/2020 - 2:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/9/2020 - 2:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/9/2020 - 2:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/9/2020 - 2:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/9/2020 - 2:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/9/2020 - 2:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/9/2020 - 2:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/9/2020 - 2:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/9/2020 - 2:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/9/2020 - 2:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/9/2020 - 2:46:15.247Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/9/2020 - 2:46:15.387Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/9/2020 - 2:46:15.387Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/9/2020 - 2:46:15.387Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/9/2020 - 2:46:15.387Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/9/2020 - 2:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/9/2020 - 2:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:15.575Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:15.575Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/9/2020 - 2:46:15.575Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/9/2020 - 2:46:15.575Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/9/2020 - 2:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/9/2020 - 2:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/9/2020 - 2:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/9/2020 - 2:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/9/2020 - 2:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/9/2020 - 2:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/9/2020 - 2:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/9/2020 - 2:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/9/2020 - 2:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/9/2020 - 2:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/9/2020 - 2:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/9/2020 - 2:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/9/2020 - 2:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/9/2020 - 2:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/9/2020 - 2:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/9/2020 - 2:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/9/2020 - 2:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/9/2020 - 2:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/9/2020 - 2:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/9/2020 - 2:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/9/2020 - 2:46:16.184Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/9/2020 - 2:46:32.747Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/9/2020 - 2:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/9/2020 - 2:46:32.887Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/9/2020 - 2:46:32.887Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/9/2020 - 2:46:32.887Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/9/2020 - 2:46:32.981Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/9/2020 - 2:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/9/2020 - 2:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/9/2020 - 2:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/9/2020 - 2:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/9/2020 - 2:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/9/2020 - 2:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/9/2020 - 2:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/9/2020 - 2:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/9/2020 - 2:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/9/2020 - 2:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/9/2020 - 2:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/9/2020 - 2:46:33.356Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/9/2020 - 2:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/9/2020 - 2:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/9/2020 - 2:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/9/2020 - 2:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/9/2020 - 2:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/9/2020 - 2:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/9/2020 - 2:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/9/2020 - 2:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/9/2020 - 2:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/9/2020 - 2:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/9/2020 - 2:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/9/2020 - 2:46:35.231Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/9/2020 - 2:46:35.231Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/9/2020 - 2:46:35.231Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/9/2020 - 2:46:35.231Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/9/2020 - 2:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/9/2020 - 2:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/9/2020 - 2:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/9/2020 - 2:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/9/2020 - 2:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/9/2020 - 2:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/9/2020 - 2:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/9/2020 - 2:46:35.465Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/9/2020 - 2:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/9/2020 - 2:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/9/2020 - 2:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/9/2020 - 2:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/9/2020 - 2:46:35.747Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/9/2020 - 2:46:35.747Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/9/2020 - 2:46:35.747Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/9/2020 - 2:46:35.747Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/9/2020 - 2:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/9/2020 - 2:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/9/2020 - 2:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/9/2020 - 2:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/9/2020 - 2:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/9/2020 - 2:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/9/2020 - 2:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/9/2020 - 2:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/9/2020 - 2:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/9/2020 - 2:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/9/2020 - 2:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/9/2020 - 2:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/9/2020 - 2:46:36.168Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/9/2020 - 2:46:36.168Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/9/2020 - 2:46:36.168Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/9/2020 - 2:46:36.168Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/9/2020 - 2:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/9/2020 - 2:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/9/2020 - 2:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/9/2020 - 2:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/9/2020 - 2:46:36.356Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/9/2020 - 2:46:36.356Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/9/2020 - 2:46:36.356Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/9/2020 - 2:46:36.356Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/9/2020 - 2:46:36.450Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/9/2020 - 2:46:36.450Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/9/2020 - 2:46:36.450Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/9/2020 - 2:46:36.450Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/9/2020 - 2:46:36.590Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/9/2020 - 2:46:36.590Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/9/2020 - 2:46:36.590Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/9/2020 - 2:46:36.590Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/9/2020 - 2:46:36.731Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/9/2020 - 2:46:36.731Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/9/2020 - 2:46:36.731Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/9/2020 - 2:46:36.731Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/9/2020 - 2:46:36.872Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/9/2020 - 2:46:36.872Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/9/2020 - 2:46:36.872Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/9/2020 - 2:46:36.872Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/9/2020 - 2:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/9/2020 - 2:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/9/2020 - 2:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/9/2020 - 2:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/9/2020 - 2:46:37.106Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/9/2020 - 2:46:37.106Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/9/2020 - 2:46:37.106Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.153Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.200Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.247Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/9/2020 - 2:46:37.247Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.293Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.340Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.387Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.434Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.481Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.528Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.575Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/9/2020 - 2:46:37.575Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/9/2020 - 2:46:37.575Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/9/2020 - 2:46:37.575Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/9/2020 - 2:46:37.715Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:38.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:38.90Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:38.90Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:38.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/9/2020 - 2:46:38.90Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/9/2020 - 2:46:38.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:38.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:38.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:38.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:38.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:38.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:38.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:38.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:38.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:38.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:38.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:38.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:38.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:38.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:38.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:38.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:38.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:38.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.28Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:46:39.28Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
11/9/2020 - 2:46:39.168Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
11/9/2020 - 2:46:39.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.731Open1480C:\malware.exeC:\malware.config
11/9/2020 - 2:46:39.731Open1480C:\malware.exeC:\pt-BR\ iMi yk.resources.dll
11/9/2020 - 2:46:39.731Open1480C:\malware.exeC:\pt-BR\ iMi yk.resources\ iMi yk.resources.dll
11/9/2020 - 2:46:39.731Open1480C:\malware.exeC:\pt-BR\ iMi yk.resources.exe
11/9/2020 - 2:46:39.731Open1480C:\malware.exeC:\pt-BR\ iMi yk.resources\ iMi yk.resources.exe
11/9/2020 - 2:46:39.778Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:46:39.778Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:39.965Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:39.965Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:39.965Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\pt\ iMi yk.resources.dll
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\pt\ iMi yk.resources\ iMi yk.resources.dll
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\pt\ iMi yk.resources.exe
11/9/2020 - 2:46:39.965Open1480C:\malware.exeC:\pt\ iMi yk.resources\ iMi yk.resources.exe
11/9/2020 - 2:46:39.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:39.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:40.43Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:40.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:40.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:40.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:40.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.106Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
11/9/2020 - 2:46:40.106Open1480C:\malware.exeC:\VERSION.dll
11/9/2020 - 2:46:40.106Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:46:40.106Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:46:40.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:40.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.153Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:40.153Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.153Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:40.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:33.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.528Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.543Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1117281
11/9/2020 - 2:47:33.543Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1117281
11/9/2020 - 2:47:33.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1117281
11/9/2020 - 2:47:33.543Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:47:33.543Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.543Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.543Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.543Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.543Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:47:33.543Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.543Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
11/9/2020 - 2:47:33.543Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:47:33.543Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:47:33.559Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\CRYPTSP.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\RpcRtRemote.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:47:33.559Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:47:33.559Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:47:33.559Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:47:33.575Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:47:33.575Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:33.575Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\l_intl.nls
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CRYPTSP.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:33.575Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\pubpol4.dat
11/9/2020 - 2:47:33.575Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/9/2020 - 2:47:33.653Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/9/2020 - 2:47:33.653Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\pt-br.nlp
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:47:33.653Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:47:33.668Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.668Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.668Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.668Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.668Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.668Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.668Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:47:33.668Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:48:14.872Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/9/2020 - 2:48:14.918Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:14.965Read2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\Loreal.resources.dll
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\Loreal.resources\Loreal.resources.dll
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\Loreal.resources.exe
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\Loreal.resources\Loreal.resources.exe
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt\Loreal.resources.dll
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt\Loreal.resources\Loreal.resources.dll
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt\Loreal.resources.exe
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt\Loreal.resources\Loreal.resources.exe
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\IhodfgEAWfdsIlMpWlejAMDpmds.dll
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\IhodfgEAWfdsIlMpWlejAMDpmds\IhodfgEAWfdsIlMpWlejAMDpmds.dll
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\IhodfgEAWfdsIlMpWlejAMDpmds.exe
11/9/2020 - 2:48:15.59Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\IhodfgEAWfdsIlMpWlejAMDpmds\IhodfgEAWfdsIlMpWlejAMDpmds.exe
11/9/2020 - 2:48:15.153Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:15.153Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\apphelp.dll
11/9/2020 - 2:48:15.153Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\apphelp.dll
11/9/2020 - 2:48:15.153Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\AppPatch\sysmain.sdb
11/9/2020 - 2:48:15.153Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\AppPatch\sysmain.sdb
11/9/2020 - 2:48:15.153Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\AppPatch\sysmain.sdb
11/9/2020 - 2:48:15.153Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Prefetch\REGSVCS.EXE-6C19C8B1.pf
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64win.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64win.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64cpu.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64cpu.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\System32\wow64log.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:48:15.200Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mscoree.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\mscoree.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sechost.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sechost.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:48:15.200Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\imm32.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:48:15.200Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:15.200Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:48:15.200Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:48:15.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:15.215Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:48:15.215Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:48:15.215Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:15.215Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:48:15.215Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.215Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.215Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.215Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.215Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:48:15.215Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:15.215Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:15.215Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
11/9/2020 - 2:48:15.215Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2924.1225078
11/9/2020 - 2:48:15.215Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2924.1225078
11/9/2020 - 2:48:15.215Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2924.1225078
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/9/2020 - 2:48:15.215Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:48:15.215Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:48:15.215Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
11/9/2020 - 2:48:15.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:48:15.231Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:48:15.231Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:48:15.231Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:48:15.231Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:48:15.231Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:48:15.231Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
11/9/2020 - 2:48:15.231Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
11/9/2020 - 2:48:15.231Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:48:15.231Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:48:15.278Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RpcRtRemote.dll
11/9/2020 - 2:48:15.278Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:48:15.278Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:48:15.278Open2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:48:15.278Unknown2924C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:48:15.278Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:48:15.278Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:48:15.278Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\l_intl.nls
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CRYPTSP.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.278Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:48:15.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:48:15.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:48:15.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:48:15.309Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:48:15.309Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:15.309Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:15.309Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\pubpol4.dat
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:48:15.387Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:48:15.387Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:15.387Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:48:15.387Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:48:15.387Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.387Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.387Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.387Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.387Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:48:15.387Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:48:15.387Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:48:15.387Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:48:15.387Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:48:15.387Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:48:15.387Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:48:15.387Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.309Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:31.356Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.403Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.450Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:31.497Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:31.590Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.590Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.637Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.684Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:31.731Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:31.778Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
11/9/2020 - 2:48:31.825Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:48:31.825Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
11/9/2020 - 2:48:31.825Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:48:31.872Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:48:31.918Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:48:31.965Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:48:32.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
11/9/2020 - 2:48:32.12Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:48:32.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:48:32.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:32.12Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:32.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:48:32.12Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
11/9/2020 - 2:48:32.12Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
11/9/2020 - 2:48:32.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
11/9/2020 - 2:48:38.981Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:48:38.981Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:48:38.981Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:48:42.75Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:42.122Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:42.215Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:48:45.293Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData
11/9/2020 - 2:48:45.293Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:48:45.293Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users
11/9/2020 - 2:48:45.293Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA
11/9/2020 - 2:48:45.293Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:45.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:45.293Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:45.293Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:45.293Write2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:45.293Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:45.293Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:48:49.465Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:49.465Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe
11/9/2020 - 2:48:49.465Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\BAVLA\BAVLA.exe:Zone.Identifier
11/9/2020 - 2:49:0.793Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:0.840Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:0.887Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:0.934Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:0.981Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.28Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.75Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.122Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:1.168Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:1.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\shfolder.dll
11/9/2020 - 2:49:1.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\shfolder.dll
11/9/2020 - 2:49:1.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\shfolder.dll
11/9/2020 - 2:49:1.215Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:49:1.215Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local
11/9/2020 - 2:49:1.215Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.262Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:1.309Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:1.356Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:1.403Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CocCoc\Browser\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Kometa\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Chedot\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Chromium\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Epic Privacy Browser\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
11/9/2020 - 2:49:1.528Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Torch\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Iridium\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\QIP Surf\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
11/9/2020 - 2:49:1.543Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\liebao\User Data
11/9/2020 - 2:49:1.543Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.590Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.637Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.684Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.731Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.778Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.825Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.872Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.918Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:1.965Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
11/9/2020 - 2:49:1.965Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Globalization\en-us.nlp
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:49:2.12Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
11/9/2020 - 2:49:2.12Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:49:2.12Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.configregsvcs.exe.config
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:49:2.12Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:49:2.12Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:49:2.12Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:49:2.12Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:49:2.12Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/9/2020 - 2:49:2.12Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:49:2.12Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:49:2.12Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:49:2.59Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:49:2.106Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:2.153Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:2.200Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
11/9/2020 - 2:49:2.200Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:2.247Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
11/9/2020 - 2:49:2.247Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Monitor\Folder.lst
11/9/2020 - 2:49:2.247Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Storage
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\mail
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\UCBrowser
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\The Bat!
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
11/9/2020 - 2:49:2.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
11/9/2020 - 2:49:2.309Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
11/9/2020 - 2:49:2.309Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
11/9/2020 - 2:49:2.356Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:49:2.637Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.Local
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:49:2.684Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:49:2.684Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:49:2.684Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.684Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.684Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.684Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.684Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.684Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.684Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.700Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.700Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:49:2.700Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
11/9/2020 - 2:49:2.700Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.700Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.700Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.700Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.700Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.700Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
11/9/2020 - 2:49:2.700Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
11/9/2020 - 2:49:2.700Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
11/9/2020 - 2:49:2.700Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:2.700Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
11/9/2020 - 2:49:2.700Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
11/9/2020 - 2:49:2.700Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)
11/9/2020 - 2:49:2.700Unknown2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)
11/9/2020 - 2:49:2.762Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:2.809Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:49:2.856Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
11/9/2020 - 2:49:2.856Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:49:2.903Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
11/9/2020 - 2:49:2.903Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
11/9/2020 - 2:49:2.903Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
11/9/2020 - 2:49:2.903Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
11/9/2020 - 2:49:2.903Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
11/9/2020 - 2:49:2.903Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
11/9/2020 - 2:49:2.903Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
11/9/2020 - 2:49:2.903Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
11/9/2020 - 2:49:2.903Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:2.950Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:2.997Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.43Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.90Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.137Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.184Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.231Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.278Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.325Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.372Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.418Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
11/9/2020 - 2:49:3.418Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.465Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:3.512Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
11/9/2020 - 2:49:3.512Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
11/9/2020 - 2:49:3.512Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\vaultcli.dll
11/9/2020 - 2:49:3.512Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\vaultcli.dll
11/9/2020 - 2:49:4.293Read2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:49:4.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
11/9/2020 - 2:49:4.293Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
11/9/2020 - 2:49:12.309Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
11/9/2020 - 2:49:12.309Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
11/9/2020 - 2:49:12.309Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll
11/9/2020 - 2:49:12.309Open2248C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\tzres.dll

Process
Trace
11/9/2020 - 2:47:33.403 | Create | 1480 | C:\malware.exe | 2624 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:33.450 | Create | 1480 | C:\malware.exe | 2924 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:47:33.450 | Terminate | 1480 | C:\malware.exe | 2624 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:15.153 | Create | 2924 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | 2248 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
11/9/2020 - 2:48:15.497 | Terminate | 1480 | C:\malware.exe | 2924 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
11/9/2020 - 2:45:52.840 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\GDIPlusFontCachePath
11/9/2020 - 2:48:45.340 | Write | 2248 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\RunBAVLA

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 66.88%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 51.59%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 54.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 71.51%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.91%
suspicious: True
