Report #7086

  • Creation Date: Feb. 20, 2020, 4:38 p.m.
  • Last Update: Feb. 20, 2020, 10:31 p.m.
  • File: update.exe
  • Results:
Binary
DLL
False
Size
285.00KB
trid
81.0% Generic CIL Executable
7.2% Win32 Dynamic Link Library
4.9% Win32 Executable
2.2% OS/2 Executable
2.2% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
8342c6e18f56224efa8f53a59c89d2b8
sha1
00a524f1d2e72247d8d0f199fab1893c0dfb858a
crc32
0x878d4fe0
sha224
9a1ea7d09ef8d665dff0f1c300fc6efaab57501969d03fb4159ae045
sha256
c6f2fe6dc18f8c9aa546c9b165ed7b6ba0e33c8c8bb678cd9435fd4b72588fa4
sha384
5fa0525225ff639693332271d93349587825d1a04df01dc9153efc066a37c7c3b4988213af51805de2bb324b91b2a417
sha512
d82ca2377ab36f717efc965f4505a779f9a12c5c01b14d6370b8c4f3171b722b544bad3b19a4f153b45c17d82f0d0f5d0e83a10c8c6f9444a153fb88395ff0a1
ssdeep
6144:dve+BLkll5svGStINcDWN1lhZZT3TCVJyctTxENnW9Wq:xe+BL7v3tINocT1T3OVJPOsR
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, HasDebugData, url, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True

Strings
List
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
System.Security
rl.aF
UpE.paY
System.IO
dulos\Desenvolvimento\cmd\cmd\bin\Release\CryptoObfuscator_Output\update.pdb
System.Net
update.Properties
System.Management
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
System.Net.Sockets
System.Security.Cryptography
Q.Uk
System.Net.NetworkInformation
System.IO.Compression
B.rsrc
15.1.0.0
update.exe
HostProtectionException
4.0.0.0
name="Microsoft.Windows.Common-Controls"
)%iG~e
get_OperandType
3System.Resources.Tools.StronglyTypedResourceBuilder
Next
Delete
LoadLibrary
Delegate
CreateDelegate
DeleteTask
MulticastDelegate
System.Windows.Forms
publickeytoken=
Z:\D\Work\Projeto\M
cf1a12e0eb141a9b52e3db6cf8b0f9b51
c6596ce7dda01477a81a620b880f28d3f
mscoree.dll
get_GatewayAddresses
set_UseShellExecute
get_RootFolder
c771a0ea1385071aaae20a0c6cc17b413
c02c2a194f846b4aaa8ca46a287692276
get_UserName
get_MachineName
set_ExecutionTimeLimit
get_ResourceManager
get_RegistrationInfo
publicKeyToken="6595b64144ccf1df"
ProcessHandle

Foremost
Matches
0.exe, 285 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Files
Allowed: user32.dll, kernel32.dll, mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 290816
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 48.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 293410
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, kernel32.dll, mscoree.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2017-05-01 22:24:51
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 91

pushpopmath
.rsrc: 6
.text: 173

ss register
.text: 4

garbagebytes
.text: 30

hookdetection
.text: 1

software breakpoint
.text: 3

fakeconditionaljumps
.text: 1

programcontrolflowchange
.text: 29

cpuinstructionsresultscomparison
.text: 25

AVclass
None
1
VirusTotal
md5
8342c6e18f56224efa8f53a59c89d2b8
sha1
00a524f1d2e72247d8d0f199fab1893c0dfb858a
SCANS (DETECTION RATE = 48.53%)
AVG
result: Win32:Rootkit-gen [Rtk]
update: 20180715
version: 18.4.3895.0
detected: True

CMC
update: 20180714
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20180715
version: 2017.11.15.1
detected: True

Bkav
update: 20180713
version: 1.3.0.9466
detected: False

K7GW
result: Riskware ( 0040eff71 )
update: 20180715
version: 10.53.27759
detected: True

ALYac
update: 20180715
version: 1.1.1.5
detected: False

Avast
result: Win32:Rootkit-gen [Rtk]
update: 20180715
version: 18.4.3895.0
detected: True

Avira
result: HEUR/AGEN.1008186
update: 20180714
version: 8.3.3.6
detected: True

Baidu
update: 20180712
version: 1.0.0.2
detected: False

Cyren
result: W32/Trojan.EUYJ-6340
update: 20180715
version: 6.0.0.4
detected: True

DrWeb
update: 20180715
version: 7.0.33.6080
detected: False

GData
update: 20180715
version: A:25.17783B:25.12728
detected: False

Panda
result: Trj/GdSda.A
update: 20180715
version: 4.6.4.2
detected: True

VBA32
update: 20180713
version: 3.12.32.0
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180715
version: 68128
detected: True

Zoner
update: 20180714
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180715
version: 1.6.0.52
detected: True

ClamAV
update: 20180715
version: 0.100.1.0
detected: False

Comodo
update: 20180715
detected: False

F-Prot
update: 20180715
version: 4.7.1.166
detected: False

Ikarus
update: 20180715
version: 0.1.5.2
detected: False

McAfee
result: Artemis!8342C6E18F56
update: 20180715
version: 6.0.6.653
detected: True

Rising
result: Trojan.Agent!8.B1E (CLOUD)
update: 20180715
version: 25.0.0.20
detected: True

Sophos
result: Mal/Generic-S
update: 20180715
version: 4.98.0
detected: True

Yandex
result: Trojan.Agent!c7Qk4orGrak
update: 20180713
version: 5.5.1.3
detected: True

Zillya
update: 20180713
version: 2.0.0.3594
detected: False

Arcabit
update: 20180715
version: 1.0.0.831
detected: False

Babable
update: 20180406
version: 9107201
detected: False

Cylance
result: Unsafe
update: 20180715
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180711
version: 3.0.0
detected: True

TACHYON
update: 20180715
version: 2018-07-15.02
detected: False

Tencent
result: Msil.Trojan.Agent.Dyfy
update: 20180715
version: 1.0.0.1
detected: True

ViRobot
update: 20180714
version: 2014.3.20.0
detected: False

Webroot
update: 20180715
version: 1.0.0.403
detected: False

eGambit
update: 20180715
detected: False

Ad-Aware
update: 20180715
version: 3.0.5.370
detected: False

AegisLab
result: Troj.Msil.Agent!c
update: 20180715
version: 4.2
detected: True

Emsisoft
update: 20180715
version: 2018.4.0.1029
detected: False

F-Secure
update: 20180715
version: 11.0.19100.45
detected: False

Fortinet
result: W32/Agent.FPIG!tr
update: 20180715
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180601
version: 6.3.5.26121
detected: True

Jiangmin
update: 20180715
version: 16.0.100
detected: False

Kingsoft
update: 20180715
version: 2013.8.14.323
detected: False

Paloalto
update: 20180715
version: 1.0
detected: False

Symantec
result: ML.Attribute.HighConfidence
update: 20180714
version: 1.6.0.0
detected: True

AhnLab-V3
update: 20180714
version: 3.13.1.21452
detected: False

Antiy-AVL
update: 20180715
version: 3.0.0.1
detected: False

Kaspersky
result: Trojan.MSIL.Agent.fpig
update: 20180715
version: 15.0.1.13
detected: True

Microsoft
result: Trojan:Win32/Tiggre!rfn
update: 20180714
version: 1.1.15000.2
detected: True

Qihoo-360
result: Win32/Trojan.bee
update: 20180715
version: 1.0.0.1120
detected: True

TheHacker
update: 20180712
version: 6.8.0.5.3314
detected: False

ZoneAlarm
result: Trojan.MSIL.Agent.fpig
update: 20180715
version: 1.0
detected: True

Cybereason
result: malicious.18f562
update: 20180225
version: 1.2.27
detected: True

ESET-NOD32
update: 20180715
version: 17717
detected: False

TrendMicro
result: TROJ_GEN.R002C0WBG18
update: 20180715
version: 10.0.0.1040
detected: True

BitDefender
update: 20180715
version: 7.2
detected: False

CrowdStrike
result: malicious_confidence_100% (D)
update: 20180530
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20180715
version: 10.53.27759
detected: True

SentinelOne
result: static engine - malicious
update: 20180701
version: 1.0.17.227
detected: True

Avast-Mobile
update: 20180715
version: 180714-04
detected: False

Malwarebytes
update: 20180715
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180715
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.MSIL
update: 20180714
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Agent.epqtmd
update: 20180715
version: 1.0.116.23366
detected: True

MicroWorld-eScan
update: 20180715
version: 14.0.297.0
detected: False

SUPERAntiSpyware
update: 20180715
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Artemis!Trojan
update: 20180715
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0WBG18
update: 20180715
version: 9.950.0.1006
detected: True

total
68
sha256
c6f2fe6dc18f8c9aa546c9b165ed7b6ba0e33c8c8bb678cd9435fd4b72588fa4
scan_id
c6f2fe6dc18f8c9aa546c9b165ed7b6ba0e33c8c8bb678cd9435fd4b72588fa4-1531648705
resource
8342c6e18f56224efa8f53a59c89d2b8
positives
33
scan_date
2018-07-15 09:58:25
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\malware.exe.Local
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:42.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\
20/2/2020 - 21:45:42.637Unknown1480C:\malware.exeC:\
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\Windows
20/2/2020 - 21:45:42.637Unknown1480C:\malware.exeC:\Windows
20/2/2020 - 21:45:42.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:42.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:42.684Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
20/2/2020 - 21:45:42.684Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
20/2/2020 - 21:45:42.684Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
20/2/2020 - 21:45:42.684Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
20/2/2020 - 21:45:42.684Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
20/2/2020 - 21:45:42.684Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
20/2/2020 - 21:45:42.684Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
20/2/2020 - 21:45:42.684Open1480C:\malware.exeC:\malware.exe.config
20/2/2020 - 21:45:42.700Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\fusion.localgac
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
20/2/2020 - 21:45:42.934Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Users\Behemot
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Users\Behemot
20/2/2020 - 21:45:42.934Unknown1480C:\malware.exeC:\Users\Behemot
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 21:45:42.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\index187.dat
20/2/2020 - 21:45:42.934Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
20/2/2020 - 21:45:42.950Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.950Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
20/2/2020 - 21:45:42.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
20/2/2020 - 21:45:42.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:42.965Unknown1480C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\
20/2/2020 - 21:45:42.965Unknown1480C:\malware.exeC:\
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:42.965Unknown1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:42.965Unknown1480C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:42.965Unknown1480C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\ole32.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\CRYPTBASE.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Windows\System32\cryptbase.dll
20/2/2020 - 21:45:42.965Unknown1480C:\malware.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Windows\System32\cryptbase.dll
20/2/2020 - 21:45:42.965Unknown1480C:\malware.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Windows\System32\uxtheme.dll
20/2/2020 - 21:45:42.965Open1480C:\malware.exeC:\Windows\System32\uxtheme.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:43.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:43.28Open1480C:\malware.exeC:\malware.config
20/2/2020 - 21:45:43.28Open1480C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:43.28Unknown1480C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:43.28Open1480C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:43.28Unknown1480C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:43.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:43.28Open1480C:\malware.exeC:\Windows\System32\l_intl.nls
20/2/2020 - 21:45:43.28Open1480C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:43.28Unknown1480C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:43.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
20/2/2020 - 21:45:43.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
20/2/2020 - 21:45:43.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
20/2/2020 - 21:45:43.43Open1480C:\malware.exeC:\malware.exe.Local
20/2/2020 - 21:45:43.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:43.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:43.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:43.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:45.872Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
20/2/2020 - 21:45:45.872Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
20/2/2020 - 21:45:45.872Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
20/2/2020 - 21:45:45.872Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
20/2/2020 - 21:45:45.872Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
20/2/2020 - 21:45:45.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
20/2/2020 - 21:45:45.872Open1480C:\malware.exeC:\update&.dll
20/2/2020 - 21:45:45.872Open1480C:\malware.exeC:\update&\update&.dll
20/2/2020 - 21:45:45.872Open1480C:\malware.exeC:\update&.exe
20/2/2020 - 21:45:45.872Open1480C:\malware.exeC:\update&\update&.exe
20/2/2020 - 21:45:45.918Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
20/2/2020 - 21:45:46.106Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
20/2/2020 - 21:45:46.106Open1480C:\malware.exeC:\malware.exe.Local
20/2/2020 - 21:45:46.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:46.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:46.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:46.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:45:46.106Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR
20/2/2020 - 21:45:46.106Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
20/2/2020 - 21:45:46.106Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
20/2/2020 - 21:45:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:46.122Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
20/2/2020 - 21:45:46.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:46.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:46.122Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
20/2/2020 - 21:45:46.122Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
20/2/2020 - 21:45:46.122Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
20/2/2020 - 21:45:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:46.590Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
20/2/2020 - 21:45:46.731Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:46.731Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
20/2/2020 - 21:45:46.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:47.575Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
20/2/2020 - 21:45:47.762Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
20/2/2020 - 21:45:47.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:48.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:49.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:49.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:49.825Open1480C:\malware.exeC:\CRYPTSP.dll
20/2/2020 - 21:45:49.825Open1480C:\malware.exeC:\Windows\System32\cryptsp.dll
20/2/2020 - 21:45:49.825Open1480C:\malware.exeC:\Windows\System32\cryptsp.dll
20/2/2020 - 21:45:49.825Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
20/2/2020 - 21:45:49.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:50.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:50.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:50.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:50.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:52.122Open1480C:\malware.exeC:\Windows\assembly
20/2/2020 - 21:45:52.122Unknown1480C:\malware.exeC:\Windows\assembly
20/2/2020 - 21:45:52.122Open1480C:\malware.exeC:\Windows\assembly\Desktop.ini
20/2/2020 - 21:45:52.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\update&\1.0.0.0__ab917a421742ccdd
20/2/2020 - 21:45:52.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:53.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:53.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:53.528Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
20/2/2020 - 21:45:53.668Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:53.668Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
20/2/2020 - 21:45:53.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:53.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:53.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:53.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:53.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:53.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:53.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:54.90Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.231Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.231Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:54.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
20/2/2020 - 21:45:55.684Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
20/2/2020 - 21:45:55.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:55.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
20/2/2020 - 21:45:55.825Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
20/2/2020 - 21:45:55.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:55.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:55.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:55.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:56.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:56.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:56.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:56.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:57.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:57.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:57.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:57.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:57.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:57.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:57.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:57.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:58.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.372Open1480C:\malware.exeC:\RpcRtRemote.dll
20/2/2020 - 21:45:59.372Open1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dll
20/2/2020 - 21:45:59.372Unknown1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
20/2/2020 - 21:45:59.372Open1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dll
20/2/2020 - 21:45:59.372Unknown1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.418Open1480C:\malware.exeC:\SspiCli.dll
20/2/2020 - 21:45:59.418Open1480C:\malware.exeC:\Windows\System32\sspicli.dll
20/2/2020 - 21:45:59.418Open1480C:\malware.exeC:\Windows\System32\sspicli.dll
20/2/2020 - 21:45:59.418Open1480C:\malware.exeC:\Windows\System32\tzres.dll
20/2/2020 - 21:45:59.418Open1480C:\malware.exeC:\Windows\System32\tzres.dll
20/2/2020 - 21:45:59.418Open1480C:\malware.exeC:\Windows\System32\tzres.dll
20/2/2020 - 21:45:59.418Open1480C:\malware.exeC:\Windows\System32\tzres.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
20/2/2020 - 21:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
20/2/2020 - 21:46:2.403Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
20/2/2020 - 21:46:2.418Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
20/2/2020 - 21:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
20/2/2020 - 21:46:3.809Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
20/2/2020 - 21:46:4.184Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
20/2/2020 - 21:46:4.606Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
20/2/2020 - 21:46:4.981Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
20/2/2020 - 21:46:4.981Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
20/2/2020 - 21:46:4.981Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
20/2/2020 - 21:46:5.637Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
20/2/2020 - 21:46:6.387Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
20/2/2020 - 21:46:6.762Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
20/2/2020 - 21:46:7.184Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
20/2/2020 - 21:46:7.559Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
20/2/2020 - 21:46:7.559Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
20/2/2020 - 21:46:7.559Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
20/2/2020 - 21:46:7.700Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
20/2/2020 - 21:46:7.747Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
20/2/2020 - 21:46:7.747Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
20/2/2020 - 21:46:7.747Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
20/2/2020 - 21:46:8.75Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
20/2/2020 - 21:46:8.403Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
20/2/2020 - 21:46:8.403Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
20/2/2020 - 21:46:8.403Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
20/2/2020 - 21:46:8.731Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
20/2/2020 - 21:46:9.59Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
20/2/2020 - 21:46:9.59Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
20/2/2020 - 21:46:9.59Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
20/2/2020 - 21:46:9.434Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
20/2/2020 - 21:46:9.809Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
20/2/2020 - 21:46:9.809Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
20/2/2020 - 21:46:9.809Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
20/2/2020 - 21:46:10.184Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
20/2/2020 - 21:46:10.559Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
20/2/2020 - 21:46:10.559Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
20/2/2020 - 21:46:10.559Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
20/2/2020 - 21:46:11.75Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
20/2/2020 - 21:46:11.450Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
20/2/2020 - 21:46:11.450Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
20/2/2020 - 21:46:11.450Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
20/2/2020 - 21:46:11.450Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
20/2/2020 - 21:46:11.450Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
20/2/2020 - 21:46:11.965Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
20/2/2020 - 21:46:12.418Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
20/2/2020 - 21:46:12.418Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
20/2/2020 - 21:46:12.418Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
20/2/2020 - 21:46:12.418Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
20/2/2020 - 21:46:12.418Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
20/2/2020 - 21:46:12.559Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
20/2/2020 - 21:46:12.653Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
20/2/2020 - 21:46:12.653Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
20/2/2020 - 21:46:12.653Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
20/2/2020 - 21:46:13.75Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
20/2/2020 - 21:46:13.497Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
20/2/2020 - 21:46:13.590Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
20/2/2020 - 21:46:13.684Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
20/2/2020 - 21:46:13.684Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
20/2/2020 - 21:46:13.684Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
20/2/2020 - 21:46:14.59Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
20/2/2020 - 21:46:14.434Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
20/2/2020 - 21:46:14.528Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
20/2/2020 - 21:46:14.528Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
20/2/2020 - 21:46:14.528Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
20/2/2020 - 21:46:14.622Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
20/2/2020 - 21:46:14.622Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
20/2/2020 - 21:46:14.622Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
20/2/2020 - 21:46:14.622Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
20/2/2020 - 21:46:14.715Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
20/2/2020 - 21:46:14.715Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
20/2/2020 - 21:46:14.715Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
20/2/2020 - 21:46:14.715Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
20/2/2020 - 21:46:14.809Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
20/2/2020 - 21:46:14.809Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
20/2/2020 - 21:46:14.809Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
20/2/2020 - 21:46:14.809Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
20/2/2020 - 21:46:14.950Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
20/2/2020 - 21:46:15.43Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
20/2/2020 - 21:46:15.43Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
20/2/2020 - 21:46:15.43Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
20/2/2020 - 21:46:15.184Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
20/2/2020 - 21:46:15.231Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
20/2/2020 - 21:46:15.231Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
20/2/2020 - 21:46:15.231Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
20/2/2020 - 21:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
20/2/2020 - 21:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
20/2/2020 - 21:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
20/2/2020 - 21:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
20/2/2020 - 21:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
20/2/2020 - 21:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
20/2/2020 - 21:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
20/2/2020 - 21:46:15.465Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
20/2/2020 - 21:46:15.559Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
20/2/2020 - 21:46:15.559Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
20/2/2020 - 21:46:15.559Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
20/2/2020 - 21:46:15.559Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
20/2/2020 - 21:46:15.653Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
20/2/2020 - 21:46:15.653Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
20/2/2020 - 21:46:15.653Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
20/2/2020 - 21:46:15.653Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
20/2/2020 - 21:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
20/2/2020 - 21:46:15.934Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
20/2/2020 - 21:46:15.934Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
20/2/2020 - 21:46:15.934Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
20/2/2020 - 21:46:16.75Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
20/2/2020 - 21:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
20/2/2020 - 21:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
20/2/2020 - 21:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
20/2/2020 - 21:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
20/2/2020 - 21:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
20/2/2020 - 21:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
20/2/2020 - 21:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
20/2/2020 - 21:46:16.262Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
20/2/2020 - 21:46:16.262Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
20/2/2020 - 21:46:16.262Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
20/2/2020 - 21:46:16.262Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
20/2/2020 - 21:46:16.309Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
20/2/2020 - 21:46:16.309Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
20/2/2020 - 21:46:16.309Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
20/2/2020 - 21:46:16.309Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
20/2/2020 - 21:46:16.450Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
20/2/2020 - 21:46:16.543Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
20/2/2020 - 21:46:16.684Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
20/2/2020 - 21:46:16.778Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
20/2/2020 - 21:46:16.778Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
20/2/2020 - 21:46:16.778Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
20/2/2020 - 21:46:16.918Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
20/2/2020 - 21:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
20/2/2020 - 21:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
20/2/2020 - 21:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
20/2/2020 - 21:46:17.106Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
20/2/2020 - 21:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
20/2/2020 - 21:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
20/2/2020 - 21:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
20/2/2020 - 21:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
20/2/2020 - 21:46:17.528Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
20/2/2020 - 21:46:17.715Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
20/2/2020 - 21:46:17.715Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
20/2/2020 - 21:46:17.715Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
20/2/2020 - 21:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
20/2/2020 - 21:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
20/2/2020 - 21:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
20/2/2020 - 21:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
20/2/2020 - 21:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
20/2/2020 - 21:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
20/2/2020 - 21:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
20/2/2020 - 21:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
20/2/2020 - 21:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
20/2/2020 - 21:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
20/2/2020 - 21:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
20/2/2020 - 21:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
20/2/2020 - 21:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
20/2/2020 - 21:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
20/2/2020 - 21:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
20/2/2020 - 21:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
20/2/2020 - 21:46:18.137Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
20/2/2020 - 21:46:18.231Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
20/2/2020 - 21:46:18.231Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
20/2/2020 - 21:46:18.231Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
20/2/2020 - 21:46:18.278Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
20/2/2020 - 21:46:18.278Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
20/2/2020 - 21:46:18.278Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
20/2/2020 - 21:46:18.278Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
20/2/2020 - 21:46:18.418Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
20/2/2020 - 21:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
20/2/2020 - 21:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
20/2/2020 - 21:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
20/2/2020 - 21:46:18.606Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
20/2/2020 - 21:46:18.606Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
20/2/2020 - 21:46:18.606Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
20/2/2020 - 21:46:18.606Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
20/2/2020 - 21:46:18.700Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
20/2/2020 - 21:46:18.700Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
20/2/2020 - 21:46:18.700Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
20/2/2020 - 21:46:18.700Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
20/2/2020 - 21:46:18.793Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
20/2/2020 - 21:46:18.793Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
20/2/2020 - 21:46:18.793Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
20/2/2020 - 21:46:18.793Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
20/2/2020 - 21:46:18.887Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
20/2/2020 - 21:46:18.887Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
20/2/2020 - 21:46:18.887Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
20/2/2020 - 21:46:18.887Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
20/2/2020 - 21:46:18.981Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
20/2/2020 - 21:46:18.981Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
20/2/2020 - 21:46:18.981Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
20/2/2020 - 21:46:18.981Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
20/2/2020 - 21:46:19.122Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
20/2/2020 - 21:46:19.122Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
20/2/2020 - 21:46:19.122Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
20/2/2020 - 21:46:19.122Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
20/2/2020 - 21:46:19.262Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
20/2/2020 - 21:46:19.262Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
20/2/2020 - 21:46:19.262Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
20/2/2020 - 21:46:19.262Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
20/2/2020 - 21:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
20/2/2020 - 21:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
20/2/2020 - 21:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
20/2/2020 - 21:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
20/2/2020 - 21:46:19.356Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
20/2/2020 - 21:46:19.450Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:19.450Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:19.450Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:19.450Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:19.450Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
20/2/2020 - 21:46:19.450Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
20/2/2020 - 21:46:19.450Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
20/2/2020 - 21:46:19.543Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
20/2/2020 - 21:46:19.543Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
20/2/2020 - 21:46:19.543Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
20/2/2020 - 21:46:19.543Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
20/2/2020 - 21:46:19.637Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
20/2/2020 - 21:46:19.637Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
20/2/2020 - 21:46:19.637Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
20/2/2020 - 21:46:19.637Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
20/2/2020 - 21:46:19.731Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
20/2/2020 - 21:46:19.731Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
20/2/2020 - 21:46:19.731Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
20/2/2020 - 21:46:19.731Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
20/2/2020 - 21:46:19.825Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
20/2/2020 - 21:46:19.825Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
20/2/2020 - 21:46:19.825Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
20/2/2020 - 21:46:19.825Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
20/2/2020 - 21:46:19.918Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
20/2/2020 - 21:46:19.918Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
20/2/2020 - 21:46:19.918Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
20/2/2020 - 21:46:19.918Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
20/2/2020 - 21:46:20.12Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
20/2/2020 - 21:46:20.12Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
20/2/2020 - 21:46:20.12Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
20/2/2020 - 21:46:20.12Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
20/2/2020 - 21:46:20.106Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
20/2/2020 - 21:46:20.106Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
20/2/2020 - 21:46:20.106Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
20/2/2020 - 21:46:20.106Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
20/2/2020 - 21:46:20.200Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
20/2/2020 - 21:46:20.200Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
20/2/2020 - 21:46:20.200Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
20/2/2020 - 21:46:20.200Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
20/2/2020 - 21:46:20.293Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
20/2/2020 - 21:46:20.293Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
20/2/2020 - 21:46:20.293Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
20/2/2020 - 21:46:20.293Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
20/2/2020 - 21:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
20/2/2020 - 21:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
20/2/2020 - 21:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
20/2/2020 - 21:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
20/2/2020 - 21:46:20.481Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
20/2/2020 - 21:46:20.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
20/2/2020 - 21:46:20.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
20/2/2020 - 21:46:20.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
20/2/2020 - 21:46:20.575Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
20/2/2020 - 21:46:20.575Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
20/2/2020 - 21:46:20.575Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
20/2/2020 - 21:46:20.575Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
20/2/2020 - 21:46:20.715Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
20/2/2020 - 21:46:20.762Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
20/2/2020 - 21:46:20.762Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
20/2/2020 - 21:46:20.762Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
20/2/2020 - 21:46:20.903Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
20/2/2020 - 21:46:20.950Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
20/2/2020 - 21:46:20.950Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
20/2/2020 - 21:46:20.950Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
20/2/2020 - 21:46:21.43Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
20/2/2020 - 21:46:21.43Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
20/2/2020 - 21:46:21.43Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
20/2/2020 - 21:46:21.43Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
20/2/2020 - 21:46:21.137Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
20/2/2020 - 21:46:21.137Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
20/2/2020 - 21:46:21.137Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
20/2/2020 - 21:46:21.137Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
20/2/2020 - 21:46:21.231Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
20/2/2020 - 21:46:21.231Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
20/2/2020 - 21:46:21.231Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
20/2/2020 - 21:46:21.231Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
20/2/2020 - 21:46:21.325Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
20/2/2020 - 21:46:21.325Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
20/2/2020 - 21:46:21.325Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
20/2/2020 - 21:46:21.325Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
20/2/2020 - 21:46:21.418Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
20/2/2020 - 21:46:21.418Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
20/2/2020 - 21:46:21.418Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
20/2/2020 - 21:46:21.418Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
20/2/2020 - 21:46:21.512Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
20/2/2020 - 21:46:21.512Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
20/2/2020 - 21:46:21.512Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
20/2/2020 - 21:46:21.512Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
20/2/2020 - 21:46:21.606Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
20/2/2020 - 21:46:21.606Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
20/2/2020 - 21:46:21.606Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
20/2/2020 - 21:46:21.606Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
20/2/2020 - 21:46:21.700Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
20/2/2020 - 21:46:21.700Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
20/2/2020 - 21:46:21.700Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
20/2/2020 - 21:46:21.700Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
20/2/2020 - 21:46:21.840Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
20/2/2020 - 21:46:21.887Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
20/2/2020 - 21:46:21.887Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
20/2/2020 - 21:46:21.887Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
20/2/2020 - 21:46:21.981Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
20/2/2020 - 21:46:21.981Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
20/2/2020 - 21:46:21.981Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
20/2/2020 - 21:46:21.981Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
20/2/2020 - 21:46:21.981Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
20/2/2020 - 21:46:21.981Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
20/2/2020 - 21:46:21.981Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
20/2/2020 - 21:46:21.981Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
20/2/2020 - 21:46:22.75Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
20/2/2020 - 21:46:22.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
20/2/2020 - 21:46:22.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
20/2/2020 - 21:46:22.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
20/2/2020 - 21:46:22.168Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
20/2/2020 - 21:46:22.168Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
20/2/2020 - 21:46:22.168Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
20/2/2020 - 21:46:22.168Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
20/2/2020 - 21:46:22.262Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
20/2/2020 - 21:46:22.262Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
20/2/2020 - 21:46:22.262Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
20/2/2020 - 21:46:22.262Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
20/2/2020 - 21:46:22.356Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
20/2/2020 - 21:46:22.356Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
20/2/2020 - 21:46:22.356Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
20/2/2020 - 21:46:22.356Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
20/2/2020 - 21:46:40.840Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
20/2/2020 - 21:46:40.840Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
20/2/2020 - 21:46:40.840Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:40.887Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:40.934Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:40.981Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
20/2/2020 - 21:46:40.981Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:41.28Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:41.75Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:41.122Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:41.168Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:41.215Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:41.262Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:41.309Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:41.356Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
20/2/2020 - 21:46:41.356Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
20/2/2020 - 21:46:41.356Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
20/2/2020 - 21:46:41.356Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
20/2/2020 - 21:46:41.497Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
20/2/2020 - 21:46:41.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
20/2/2020 - 21:46:41.872Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
20/2/2020 - 21:46:41.872Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
20/2/2020 - 21:46:41.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
20/2/2020 - 21:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
20/2/2020 - 21:46:41.887Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
20/2/2020 - 21:46:41.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:41.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:41.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:42.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:42.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:42.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:42.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:42.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:42.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:42.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:42.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:42.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:42.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:42.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:42.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:42.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:42.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:42.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:42.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:42.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:42.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
20/2/2020 - 21:46:42.918Open1480C:\malware.exeC:\dwmapi.dll
20/2/2020 - 21:46:42.918Open1480C:\malware.exeC:\Windows\System32\dwmapi.dll
20/2/2020 - 21:46:42.918Open1480C:\malware.exeC:\Windows\System32\dwmapi.dll
20/2/2020 - 21:46:42.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:43.12Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
20/2/2020 - 21:46:43.12Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
20/2/2020 - 21:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:43.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:43.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:43.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:43.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:43.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\iphlpapi.dll
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\Windows\System32\IPHLPAPI.DLL
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\Windows\System32\IPHLPAPI.DLL
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\WINNSI.DLL
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\Windows\System32\winnsi.dll
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\Windows\System32\winnsi.dll
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\DNSAPI.dll
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\Windows\System32\dnsapi.dll
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\Windows\System32\dnsapi.dll
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\dhcpcsvc6.DLL
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\Windows\System32\dhcpcsvc6.dll
20/2/2020 - 21:46:45.403Unknown1480C:\malware.exeC:\Windows\System32\dhcpcsvc6.dlldhcpcsvc6.dll
20/2/2020 - 21:46:45.403Open1480C:\malware.exeC:\Windows\System32\dhcpcsvc6.dll
20/2/2020 - 21:46:45.403Unknown1480C:\malware.exeC:\Windows\System32\dhcpcsvc6.dlldhcpcsvc6.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\dhcpcsvc.DLL
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\System32\dhcpcsvc.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\System32\dhcpcsvc.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\System32\wship6.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\System32\wship6.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dll
20/2/2020 - 21:46:45.450Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.450Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
20/2/2020 - 21:46:45.465Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
20/2/2020 - 21:46:45.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:48.309Open1480C:\malware.exeC:\Windows\System32\wbem\wmiutils.dll
20/2/2020 - 21:46:48.309Open1480C:\malware.exeC:\Windows\System32\wbem\wmiutils.dll
20/2/2020 - 21:46:48.309Open1480C:\malware.exeC:\Windows\System32\wbem\wbemcomn.dll
20/2/2020 - 21:46:48.309Open1480C:\malware.exeC:\Windows\System32\wbemcomn.dll
20/2/2020 - 21:46:48.309Open1480C:\malware.exeC:\Windows\System32\wbemcomn.dll
20/2/2020 - 21:46:48.309Open1480C:\malware.exeC:\Windows\System32\wbem\Logs
20/2/2020 - 21:46:48.309Unknown1480C:\malware.exeC:\Windows\System32\wbem\Logs
20/2/2020 - 21:46:48.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.403Open1480C:\malware.exeC:\Windows\System32\wbem\wbemprox.dll
20/2/2020 - 21:46:48.403Open1480C:\malware.exeC:\Windows\System32\wbem\wbemprox.dll
20/2/2020 - 21:46:48.403Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
20/2/2020 - 21:46:48.450Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
20/2/2020 - 21:46:48.450Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
20/2/2020 - 21:46:48.450Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
20/2/2020 - 21:46:48.497Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
20/2/2020 - 21:46:48.543Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
20/2/2020 - 21:46:48.590Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
20/2/2020 - 21:46:48.590Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
20/2/2020 - 21:46:48.590Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
20/2/2020 - 21:46:48.590Open1480C:\malware.exeC:\malware.exe.Local
20/2/2020 - 21:46:48.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:46:48.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:46:48.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:46:48.590Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
20/2/2020 - 21:46:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:48.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:48.731Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
20/2/2020 - 21:46:49.12Open1480C:\malware.exeC:\Windows\System32\wbem\wbemsvc.dll
20/2/2020 - 21:46:49.12Open1480C:\malware.exeC:\Windows\System32\wbem\wbemsvc.dll
20/2/2020 - 21:46:49.59Open1480C:\malware.exeC:\Windows\System32\wbem\fastprox.dll
20/2/2020 - 21:46:49.59Open1480C:\malware.exeC:\Windows\System32\wbem\fastprox.dll
20/2/2020 - 21:46:49.59Open1480C:\malware.exeC:\Windows\System32\wbem\NTDSAPI.dll
20/2/2020 - 21:46:49.59Open1480C:\malware.exeC:\Windows\System32\ntdsapi.dll
20/2/2020 - 21:46:49.59Open1480C:\malware.exeC:\Windows\System32\ntdsapi.dll
20/2/2020 - 21:46:49.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:46:50.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:50.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:50.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
20/2/2020 - 21:46:50.997Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\OLEAUT32.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:46:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Unknown1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)\GbPlugin\uni.gpc
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GAS Tecnologia\GBBD\uni
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Aplicativo Itau
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Unknown1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)\GbPlugin\cef.gpc
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GAS Tecnologia\GBBD\cef
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Unknown1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)\GbPlugin\abn.gpc
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GAS Tecnologia\GBBD\abn
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Unknown1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)\Trusteer\Rapport\
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Unknown1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)\scpbrad
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)\AppBrad
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Unknown1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:47:5.28Open1480C:\malware.exeC:\Program Files (x86)\GbPlugin\bb.gpc
20/2/2020 - 21:47:5.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GAS Tecnologia\GBBD\bb
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:47:5.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
20/2/2020 - 21:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
20/2/2020 - 21:47:5.43Unknown1480C:\malware.exeC:\Monitor
20/2/2020 - 21:47:5.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:47:5.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
20/2/2020 - 21:47:5.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
20/2/2020 - 21:47:5.43Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
20/2/2020 - 21:47:5.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6

Process
Trace

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace
20/2/2020 - 21:46:2.231Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 71.92%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 90.41%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 53.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 57.78%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.97%
suspicious: False
