Report #7754

  • Creation Date: Feb. 28, 2020, 2:12 p.m.
  • Last Update: Feb. 28, 2020, 2:35 p.m.
  • File: 280515.exe
  • Results:
Binary
DLL
False
Size
272.79KB
trid
47.7% Win64 Executable
22.6% Windows screen saver
11.3% Win32 Dynamic Link Library
7.7% Win32 Executable
3.5% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
8ad1c5369931e39007536ab92f9859d9
sha1
0c77e2e060bdd636b9d2704218d5b0e41664d773
crc32
0x3c8de62d
sha224
73cc3a6a764f0704876b7953a5015a87dceda179635d3c0a2efa6c79
sha256
fc6790a137c216fe65215a169e79d886f74c0cacf3bf157d0420bc6822d8d817
sha384
d6d96e6ced8dc88f7eab8b41ab829d247868b81001f981c71ede3120a0ae4c9e820c2bb464cde0da702ce91ced4f3565
sha512
d490f67cf496cac3d61b66659b64ff6ead7a24f7fbc358c4cba5c21e596ee699074e8d4eba7f5818df1936a22f7416f90abde3b620e465fa5a6eb14385ddad53
ssdeep
3072:ORQjHs4y/eZXdKCdOitL11mHV4aR8qmghDosOsnpcc9kZy58YjZWcSCSLeyYcEeC:ONOnddeHV4evDosrp9kZaCDdkEmRmP6
Community
Google
False
HashLib
False
YARA
Matches
domain, HasDigitalSignature, url, IP, contentis_base64, android_meterpreter, IsNET_EXE, HasDebugData, HasOverlay, CRC32_poly_Constant, IsPE32, IsWindowsGUI

Suspicious
True

Strings
List
http://frcsd.org/plugins/system/legacy/system32/scoregb.zip
cmd@nsa.gov
cmd@nsa.gov
scoregb.zip
Ionic.Zip.Resources.ZippedResources.zip
C:\Users\eCoLoGy\Documents\Visual Studio 2015\Projects\ZIPLoader\ZIPLoader\bin\Debug\LoaderFinal.pdb
Ionic.Zip
My.Computer
System.IO
System.Net
ZIPLoader.My
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
System.Windows.Forms.dll
ZIPLoader.ProgramaPrincipal.Properties
{0}_fixed.zip
System.ComponentModel.Design
System.Security.Cryptography
Ionic.Zip.Forms.PasswordDialog.resources
Ionic.Zip.WinFormsSelfExtractorStub.resources
System.Security.Permissions
zippedFile.ico
4System.Web.Services.Protocols.SoapHttpClientProtocol
System.dll
17.0.0.188
17.0.0.188
11.0.0.0
17.0.0.188
11.0.0.0
17.0.0.188
11.0.0.0
11.0.0.0
_entriesExtracted
scoregb.exe
ZIPLoader.exe
ZIPLoader.exe
ExtractAllCompleted
LoaderFinal.exe
OnExtractAllCompleted
OverwriteSilently
EntriesExtracted
entriesExtracted
You must call ZipFile.Save before calling any Extract method
Z_STREAM_END
Z_STREAM_ERROR
OnAddCompleted
^(.*/)?([^/\\.]+/\\.\\./)(.+)$
OnSaveCompleted
OnReadCompleted
cmd@nsa.gov0
cmd@nsa.gov0
System.Collections.Generic.IEnumerator<Ionic.Zip.ZipEntry>.get_Current
Cannot extract: Entry {0} is encrypted with an algorithm not supported by DotNetZip: {1}
Ionic.Zip.Forms.ZipContentsDialog.resources
ProgramaPrincipal.Properties.Properties.Resources
_compressLevel
needed to extract: 0x{0:X4}
_crcCalculated
read in {0} entries.
ZIPLoader.My.Resources
4.0.0.0
System.Collections.Generic.IEnumerator<Ionic.Zip.ZipEntry>.Current
The archive requires a ZIP64 Central Directory. Consider setting the ZipOutputStream.EnableZip64 property.
extract entry {0} to stream...
ParallelDeflateThreshold should be -1, 0, or > 65536
huft_build
_isClosed
su_count
_closed
op_Addition
ReadZeroTerminatedString
build_tree
_currentlyFilling
System.Windows.Forms.Form
_CloseDelegate
_WriteDelegate
_OpenDelegate
ZIP64 is required
Value must be 4 or greater.
Completed
Spanned archives with more than 65534 segments are not supported at this time.
currentlyFilling
3System.Resources.Tools.StronglyTypedResourceBuilder
entriesToRemove
entriesToRemove
This entry is an orphan
Delete
Writer
Count
CloseDelegate
WriteDelegate
ReallyDelete
Delegate
DeleteFileWithRetry
OpenDelegate
the stream is not open
need
SelectionCriteria has not been set
writer
outstream
MulticastDelegate

Foremost
Matches
0.exe, 271 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed
Suspicious: 1.9.1.6, 0, Unknown, 17.0.0.188, 0, Unknown
hasAllowed: False
hasSuspicious: True

URLs
Allowed
hasURLs: True
Suspicious: http://frcsd.org/plugins/system/legacy/system32/scoregb.zip
hasAllowed: False
hasSuspicious: True

Files
Allowed: http://frcsd.org/plugins/system/legacy/system32/scoregb.zip, System.Windows.Forms.dll, System.Drawing.dll, System.dll, mscoree.dll
hasFiles: True
Suspicious: scoregb.zip, {0}_fixed.zip, Ionic.Zip.Resources.ZippedResources.zip, Ionic.Zip
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2048
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 330589
Suspicious: False

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 8.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 282746
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: system.windows.forms.dll, system.drawing.dll, system.dll, mscoree.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2015-05-31 21:51:17
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 16

pushpopmath
.text: 111

ss register
.text: 6

garbagebytes
.text: 10

fakeconditionaljumps
.text: 1

programcontrolflowchange
.text: 9

cpuinstructionsresultscomparison
.text: 45

AVclass
banload
1
VirusTotal
md5
8ad1c5369931e39007536ab92f9859d9
sha1
0c77e2e060bdd636b9d2704218d5b0e41664d773
SCANS (DETECTION RATE = 59.09%)
AVG
result: MSIL:Banker-EF [Trj]
update: 20180325
version: 18.2.3827.0
detected: True

CMC
update: 20180324
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=80)
update: 20180325
version: 2017.11.15.1
detected: True

Bkav
update: 20180325
version: 1.3.0.9466
detected: False

K7GW
result: Trojan-Downloader ( 004c4e1c1 )
update: 20180325
version: 10.42.26601
detected: True

ALYac
result: Trojan.GenericKD.2458737
update: 20180325
version: 1.1.1.5
detected: True

Avast
result: MSIL:Banker-EF [Trj]
update: 20180325
version: 18.2.3827.0
detected: True

Avira
result: TR/Banload.aacxc
update: 20180324
version: 8.3.3.6
detected: True

Baidu
update: 20180323
version: 1.0.0.2
detected: False

Cyren
update: 20180325
version: 5.4.30.7
detected: False

DrWeb
update: 20180325
version: 7.0.28.2020
detected: False

GData
result: Trojan.GenericKD.2458737
update: 20180325
version: A:25.16495B:25.11872
detected: True

Panda
result: Trj/CI.A
update: 20180324
version: 4.6.4.2
detected: True

VBA32
result: TrojanDownloader.Banload
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180325
version: 65508
detected: True

Zoner
update: 20180325
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180325
version: 1.5.0.42
detected: True

ClamAV
update: 20180325
version: 0.99.2.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180325
version: 28741
detected: True

F-Prot
update: 20180325
version: 4.7.1.166
detected: False

Ikarus
result: Trojan-Downloader.Win32.Banload
update: 20180324
version: 0.1.5.2
detected: True

McAfee
result: Artemis!8AD1C5369931
update: 20180325
version: 6.0.6.653
detected: True

Rising
update: 20180325
version: 25.0.0.1
detected: False

Sophos
result: Mal/Generic-S
update: 20180325
version: 4.98.0
detected: True

Yandex
result: Trojan.DL.Banload!TWXVInYhEPg
update: 20180324
version: 5.5.1.3
detected: True

Zillya
result: Downloader.Banload.Win32.63324
update: 20180323
version: 2.0.0.3519
detected: True

Arcabit
result: Trojan.Generic.D258471
update: 20180325
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180325
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True

Tencent
result: Win32.Trojan-downloader.Banload.Eehl
update: 20180325
version: 1.0.0.1
detected: True

ViRobot
update: 20180324
version: 2014.3.20.0
detected: False

eGambit
update: 20180325
version: v4.3.5
detected: False

Ad-Aware
result: Trojan.GenericKD.2458737
update: 20180325
version: 3.0.3.1010
detected: True

AegisLab
result: Troj.Downloader.W32.Banload.aacxc!c
update: 20180325
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.2458737 (B)
update: 20180325
version: 4.0.2.899
detected: True

F-Secure
update: 20180325
version: 11.0.19100.45
detected: False

Fortinet
result: W32/BANLOAD.YWNIR!tr
update: 20180325
version: 5.4.247.0
detected: True

Invincea
update: 20180121
version: 6.3.4.26036
detected: False

Jiangmin
result: TrojanDownloader.Banload.bigx
update: 20180325
version: 16.0.100
detected: True

Kingsoft
update: 20180325
version: 2013.8.14.323
detected: False

Paloalto
update: 20180325
version: 1.0
detected: False

Symantec
result: Trojan.Gen
update: 20180324
version: 1.5.0.0
detected: True

nProtect
update: 20180325
version: 2018-03-25.01
detected: False

AhnLab-V3
update: 20180324
version: 3.12.0.20130
detected: False

Antiy-AVL
result: Trojan[Downloader]/Win32.Banload
update: 20180325
version: 3.0.0.1
detected: True

Kaspersky
update: 20180325
version: 15.0.1.13
detected: False

Microsoft
result: TrojanDownloader:MSIL/Banload
update: 20180325
version: 1.1.14600.4
detected: True

Qihoo-360
update: 20180325
version: 1.0.0.1120
detected: False

TheHacker
result: Trojan/Downloader.Banload.dp
update: 20180319
version: 6.8.0.5.2551
detected: True

ZoneAlarm
update: 20180325
version: 1.0
detected: False

ESET-NOD32
result: a variant of MSIL/TrojanDownloader.Banload.GI
update: 20180325
version: 17111
detected: True

TrendMicro
result: TROJ_BANLOAD.YWNIR
update: 20180325
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180324
detected: False

BitDefender
result: Trojan.GenericKD.2458737
update: 20180325
version: 7.2
detected: True

CrowdStrike
update: 20170201
version: 1.0
detected: False

K7AntiVirus
result: Trojan-Downloader ( 004c4e1c1 )
update: 20180325
version: 10.42.26601
detected: True

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False

Avast-Mobile
update: 20180324
version: 180324-00
detected: False

Malwarebytes
update: 20180325
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180325
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: TrojanDownloader.Banload
update: 20180324
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Banload.dsprjy
update: 20180325
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.2458737
update: 20180325
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180325
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Artemis!Trojan
update: 20180324
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_BANLOAD.YWNIR
update: 20180325
version: 9.950.0.1006
detected: True

total
66
sha256
fc6790a137c216fe65215a169e79d886f74c0cacf3bf157d0420bc6822d8d817
scan_id
fc6790a137c216fe65215a169e79d886f74c0cacf3bf157d0420bc6822d8d817-1521958546
resource
8ad1c5369931e39007536ab92f9859d9
positives
39
scan_date
2018-03-25 06:15:46
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
28/2/2020 - 13:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 13:45:46.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 13:45:46.497Open1480C:\malware.exeC:\malware.config
28/2/2020 - 13:45:46.497Open1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:45:46.497Unknown1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:45:46.497Open1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:45:46.497Unknown1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:45:46.497Open1480C:\malware.exeC:\Monitor\Malware
28/2/2020 - 13:45:46.497Unknown1480C:\malware.exeC:\Monitor\Malware
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\System32\l_intl.nls
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:45:46.512Unknown1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
28/2/2020 - 13:45:46.512Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\GAC_64\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 13:45:46.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 13:45:46.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:46.575Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
28/2/2020 - 13:45:46.622Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
28/2/2020 - 13:45:46.762Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
28/2/2020 - 13:45:46.762Open1480C:\malware.exeC:\malware.exe.Local
28/2/2020 - 13:45:46.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:45:46.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:45:46.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:45:46.778Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
28/2/2020 - 13:45:46.778Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:46.778Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
28/2/2020 - 13:45:46.778Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:46.778Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:46.903Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
28/2/2020 - 13:45:47.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
28/2/2020 - 13:45:47.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:48.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:48.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
28/2/2020 - 13:45:48.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
28/2/2020 - 13:45:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:48.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:48.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:48.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:48.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:45:48.590Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 13:45:48.684Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 13:45:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:48.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:48.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:48.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 13:45:48.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:48.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:49.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:49.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:49.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:50.450  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\VERSION.dll
28/2/2020 - 13:45:50.450  Open  1480  C:\malware.exe  C:\VERSION.dll
28/2/2020 - 13:45:50.450  Open  1480  C:\malware.exe  C:\Windows\System32\version.dll
28/2/2020 - 13:45:50.450  Open  1480  C:\malware.exe  C:\Windows\System32\version.dll
28/2/2020 - 13:45:50.450  Open  1480  C:\malware.exe  C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:45:50.450  Unknown  1480  C:\malware.exe  C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll  Microsoft.VisualBasic.dll
28/2/2020 - 13:45:50.450  Read  1480  C:\malware.exe  C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll  Microsoft.VisualBasic.dll
28/2/2020 - 13:45:50.497  Open  1480  C:\malware.exe  C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:45:50.497  Unknown  1480  C:\malware.exe  C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll  Microsoft.VisualBasic.dll
28/2/2020 - 13:45:50.497  Read  1480  C:\malware.exe  C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll  Microsoft.VisualBasic.dll
28/2/2020 - 13:45:59.340Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
28/2/2020 - 13:45:59.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:59.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:59.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:59.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:59.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:59.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:59.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:59.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:59.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:59.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:59.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:45:59.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:59.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:0.43Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.137Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.137Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.465Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089
28/2/2020 - 13:46:0.606Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089
28/2/2020 - 13:46:0.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:0.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:1.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:46:1.168Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:46:1.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:1.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:1.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:1.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:1.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:1.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:2.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:2.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:2.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:2.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:2.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:2.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:2.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:2.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:2.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:2.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:3.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
28/2/2020 - 13:46:3.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:3.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:3.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:3.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:4.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:4.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:4.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:4.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:4.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:4.825Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
28/2/2020 - 13:46:5.12Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
28/2/2020 - 13:46:5.59Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:46:5.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:46:5.153Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:46:5.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:5.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:46:5.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:5.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:5.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:46:27.90Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
28/2/2020 - 13:46:27.90Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
28/2/2020 - 13:46:27.90Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
28/2/2020 - 13:46:27.231Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
28/2/2020 - 13:46:27.325Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
28/2/2020 - 13:46:27.325Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
28/2/2020 - 13:46:27.325Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
28/2/2020 - 13:46:27.418Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
28/2/2020 - 13:46:27.418Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
28/2/2020 - 13:46:27.418Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
28/2/2020 - 13:46:27.418Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
28/2/2020 - 13:46:27.512Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
28/2/2020 - 13:46:27.512Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
28/2/2020 - 13:46:27.512Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
28/2/2020 - 13:46:27.512Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
28/2/2020 - 13:46:27.606Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
28/2/2020 - 13:46:27.606Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
28/2/2020 - 13:46:27.606Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
28/2/2020 - 13:46:27.606Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
28/2/2020 - 13:46:27.700Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
28/2/2020 - 13:46:27.700Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
28/2/2020 - 13:46:27.700Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
28/2/2020 - 13:46:27.700Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
28/2/2020 - 13:46:27.793Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
28/2/2020 - 13:46:27.793Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
28/2/2020 - 13:46:27.793Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
28/2/2020 - 13:46:27.793Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
28/2/2020 - 13:46:27.934Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
28/2/2020 - 13:46:27.934Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
28/2/2020 - 13:46:27.934Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
28/2/2020 - 13:46:27.934Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
28/2/2020 - 13:46:28.75Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
28/2/2020 - 13:46:28.75Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
28/2/2020 - 13:46:28.75Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
28/2/2020 - 13:46:28.75Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
28/2/2020 - 13:46:28.122Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
28/2/2020 - 13:46:28.122Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
28/2/2020 - 13:46:28.122Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
28/2/2020 - 13:46:28.122Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
28/2/2020 - 13:46:28.168Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
28/2/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
28/2/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
28/2/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
28/2/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
28/2/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
28/2/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
28/2/2020 - 13:46:28.262Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
28/2/2020 - 13:46:28.356Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
28/2/2020 - 13:46:28.356Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
28/2/2020 - 13:46:28.356Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
28/2/2020 - 13:46:28.356Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
28/2/2020 - 13:46:28.450Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
28/2/2020 - 13:46:28.450Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
28/2/2020 - 13:46:28.450Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
28/2/2020 - 13:46:28.450Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
28/2/2020 - 13:46:28.543Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
28/2/2020 - 13:46:28.543Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
28/2/2020 - 13:46:28.543Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
28/2/2020 - 13:46:28.543Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
28/2/2020 - 13:46:28.637Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
28/2/2020 - 13:46:28.637Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
28/2/2020 - 13:46:28.637Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
28/2/2020 - 13:46:28.637Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
28/2/2020 - 13:46:28.731Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
28/2/2020 - 13:46:28.731Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
28/2/2020 - 13:46:28.731Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
28/2/2020 - 13:46:28.731Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
28/2/2020 - 13:46:28.825Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
28/2/2020 - 13:46:28.825Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
28/2/2020 - 13:46:28.825Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
28/2/2020 - 13:46:28.825Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
28/2/2020 - 13:46:28.918Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
28/2/2020 - 13:46:28.918Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
28/2/2020 - 13:46:28.918Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
28/2/2020 - 13:46:28.918Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
28/2/2020 - 13:46:29.12Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
28/2/2020 - 13:46:29.12Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
28/2/2020 - 13:46:29.12Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
28/2/2020 - 13:46:29.12Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
28/2/2020 - 13:46:29.106Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
28/2/2020 - 13:46:29.106Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
28/2/2020 - 13:46:29.106Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
28/2/2020 - 13:46:29.106Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
28/2/2020 - 13:46:29.200Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
28/2/2020 - 13:46:29.200Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
28/2/2020 - 13:46:29.200Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
28/2/2020 - 13:46:29.200Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
28/2/2020 - 13:46:29.293Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
28/2/2020 - 13:46:29.293Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
28/2/2020 - 13:46:29.293Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
28/2/2020 - 13:46:29.293Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
28/2/2020 - 13:46:29.387Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
28/2/2020 - 13:46:29.387Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
28/2/2020 - 13:46:29.387Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
28/2/2020 - 13:46:29.387Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
28/2/2020 - 13:46:29.528Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
28/2/2020 - 13:46:29.575Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
28/2/2020 - 13:46:29.575Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
28/2/2020 - 13:46:29.575Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
28/2/2020 - 13:46:29.715Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
28/2/2020 - 13:46:29.762Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
28/2/2020 - 13:46:29.762Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
28/2/2020 - 13:46:29.762Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
28/2/2020 - 13:46:29.856Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
28/2/2020 - 13:46:29.856Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
28/2/2020 - 13:46:29.856Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
28/2/2020 - 13:46:29.856Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
28/2/2020 - 13:46:29.950Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
28/2/2020 - 13:46:29.950Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
28/2/2020 - 13:46:29.950Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
28/2/2020 - 13:46:29.950Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
28/2/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
28/2/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
28/2/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
28/2/2020 - 13:46:30.43Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
28/2/2020 - 13:46:30.137Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
28/2/2020 - 13:46:30.137Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
28/2/2020 - 13:46:30.137Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
28/2/2020 - 13:46:30.137Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
28/2/2020 - 13:46:30.231Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
28/2/2020 - 13:46:30.231Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
28/2/2020 - 13:46:30.231Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
28/2/2020 - 13:46:30.231Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
28/2/2020 - 13:46:30.325Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
28/2/2020 - 13:46:30.325Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
28/2/2020 - 13:46:30.325Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
28/2/2020 - 13:46:30.325Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
28/2/2020 - 13:46:30.418Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
28/2/2020 - 13:46:30.418Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
28/2/2020 - 13:46:30.418Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
28/2/2020 - 13:46:30.418Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
28/2/2020 - 13:46:30.512Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
28/2/2020 - 13:46:30.512Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
28/2/2020 - 13:46:30.512Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
28/2/2020 - 13:46:30.512Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
28/2/2020 - 13:46:30.653Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
28/2/2020 - 13:46:30.700Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
28/2/2020 - 13:46:30.700Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
28/2/2020 - 13:46:30.700Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
28/2/2020 - 13:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
28/2/2020 - 13:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
28/2/2020 - 13:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
28/2/2020 - 13:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
28/2/2020 - 13:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
28/2/2020 - 13:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
28/2/2020 - 13:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
28/2/2020 - 13:46:30.793Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
28/2/2020 - 13:46:30.887Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
28/2/2020 - 13:46:30.887Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
28/2/2020 - 13:46:30.887Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
28/2/2020 - 13:46:30.887Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
28/2/2020 - 13:46:30.981Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
28/2/2020 - 13:46:30.981Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
28/2/2020 - 13:46:30.981Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
28/2/2020 - 13:46:30.981Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
28/2/2020 - 13:46:31.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
28/2/2020 - 13:46:31.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
28/2/2020 - 13:46:31.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
28/2/2020 - 13:46:31.75Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
28/2/2020 - 13:46:31.168Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
28/2/2020 - 13:46:31.168Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
28/2/2020 - 13:46:31.168Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
28/2/2020 - 13:46:31.168Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
28/2/2020 - 13:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
28/2/2020 - 13:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
28/2/2020 - 13:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
28/2/2020 - 13:46:31.262Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
28/2/2020 - 13:46:31.356Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
28/2/2020 - 13:46:31.356Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
28/2/2020 - 13:46:31.356Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
28/2/2020 - 13:46:31.356Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\script.fon
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\script.fon
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\script.fon
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
28/2/2020 - 13:46:31.450Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
28/2/2020 - 13:46:31.543Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
28/2/2020 - 13:46:31.543Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
28/2/2020 - 13:46:31.543Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
28/2/2020 - 13:46:31.543Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
28/2/2020 - 13:46:31.684Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
28/2/2020 - 13:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
28/2/2020 - 13:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
28/2/2020 - 13:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
28/2/2020 - 13:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
28/2/2020 - 13:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
28/2/2020 - 13:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
28/2/2020 - 13:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
28/2/2020 - 13:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
28/2/2020 - 13:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
28/2/2020 - 13:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
28/2/2020 - 13:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
28/2/2020 - 13:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
28/2/2020 - 13:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
28/2/2020 - 13:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
28/2/2020 - 13:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
28/2/2020 - 13:46:32.293Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
28/2/2020 - 13:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
28/2/2020 - 13:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
28/2/2020 - 13:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
28/2/2020 - 13:46:32.575Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
28/2/2020 - 13:46:32.715Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
28/2/2020 - 13:46:32.715Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
28/2/2020 - 13:46:32.715Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
28/2/2020 - 13:46:32.809Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
28/2/2020 - 13:46:32.809Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
28/2/2020 - 13:46:32.809Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
28/2/2020 - 13:46:32.809Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
28/2/2020 - 13:46:32.903Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
28/2/2020 - 13:46:32.903Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
28/2/2020 - 13:46:32.903Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
28/2/2020 - 13:46:32.903Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
28/2/2020 - 13:46:32.997Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
28/2/2020 - 13:46:32.997Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
28/2/2020 - 13:46:32.997Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
28/2/2020 - 13:46:32.997Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
28/2/2020 - 13:46:33.90Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
28/2/2020 - 13:46:33.90Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
28/2/2020 - 13:46:33.90Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
28/2/2020 - 13:46:33.90Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
28/2/2020 - 13:46:33.184Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
28/2/2020 - 13:46:33.184Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
28/2/2020 - 13:46:33.184Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
28/2/2020 - 13:46:33.184Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
28/2/2020 - 13:46:33.278Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
28/2/2020 - 13:46:33.278Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
28/2/2020 - 13:46:33.278Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
28/2/2020 - 13:46:33.278Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
28/2/2020 - 13:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
28/2/2020 - 13:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
28/2/2020 - 13:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
28/2/2020 - 13:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
28/2/2020 - 13:46:33.465Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
28/2/2020 - 13:46:33.465Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
28/2/2020 - 13:46:33.465Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
28/2/2020 - 13:46:33.465Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
28/2/2020 - 13:46:33.559Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
28/2/2020 - 13:46:33.559Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
28/2/2020 - 13:46:33.559Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
28/2/2020 - 13:46:33.559Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
28/2/2020 - 13:46:33.653Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
28/2/2020 - 13:46:33.653Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
28/2/2020 - 13:46:33.653Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
28/2/2020 - 13:46:33.653Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
28/2/2020 - 13:46:33.747Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
28/2/2020 - 13:46:33.747Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
28/2/2020 - 13:46:33.747Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
28/2/2020 - 13:46:33.747Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
28/2/2020 - 13:46:33.840Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
28/2/2020 - 13:46:33.840Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
28/2/2020 - 13:46:33.840Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
28/2/2020 - 13:46:33.840Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
28/2/2020 - 13:46:34.122Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
28/2/2020 - 13:46:34.262Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
28/2/2020 - 13:46:34.262Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
28/2/2020 - 13:46:34.262Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
28/2/2020 - 13:46:34.543Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
28/2/2020 - 13:46:34.684Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
28/2/2020 - 13:46:34.684Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
28/2/2020 - 13:46:34.684Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
28/2/2020 - 13:46:34.965Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
28/2/2020 - 13:46:35.59Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
28/2/2020 - 13:46:35.59Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
28/2/2020 - 13:46:35.59Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
28/2/2020 - 13:46:35.153Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
28/2/2020 - 13:46:35.153Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
28/2/2020 - 13:46:35.153Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
28/2/2020 - 13:46:35.153Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
28/2/2020 - 13:46:35.247Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
28/2/2020 - 13:46:35.247Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
28/2/2020 - 13:46:35.247Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
28/2/2020 - 13:46:35.247Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
28/2/2020 - 13:46:35.340Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
28/2/2020 - 13:46:35.340Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
28/2/2020 - 13:46:35.340Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
28/2/2020 - 13:46:35.340Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
28/2/2020 - 13:46:35.434Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
28/2/2020 - 13:46:35.434Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
28/2/2020 - 13:46:35.434Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
28/2/2020 - 13:46:35.434Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
28/2/2020 - 13:46:35.528Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
28/2/2020 - 13:46:35.528Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
28/2/2020 - 13:46:35.528Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
28/2/2020 - 13:46:35.528Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
28/2/2020 - 13:46:35.622Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
28/2/2020 - 13:46:35.622Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
28/2/2020 - 13:46:35.622Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
28/2/2020 - 13:46:35.622Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
28/2/2020 - 13:46:35.715Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
28/2/2020 - 13:46:35.715Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
28/2/2020 - 13:46:35.715Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
28/2/2020 - 13:46:35.715Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
28/2/2020 - 13:46:35.809Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
28/2/2020 - 13:46:35.809Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
28/2/2020 - 13:46:35.809Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
28/2/2020 - 13:46:35.809Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
28/2/2020 - 13:46:35.903Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
28/2/2020 - 13:46:35.903Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
28/2/2020 - 13:46:35.903Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
28/2/2020 - 13:46:35.903Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
28/2/2020 - 13:46:35.997Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
28/2/2020 - 13:46:35.997Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
28/2/2020 - 13:46:35.997Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
28/2/2020 - 13:46:35.997Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
28/2/2020 - 13:46:36.90Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
28/2/2020 - 13:46:36.90Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
28/2/2020 - 13:46:36.90Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
28/2/2020 - 13:46:36.90Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
28/2/2020 - 13:46:36.184Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
28/2/2020 - 13:46:36.184Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
28/2/2020 - 13:46:36.184Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
28/2/2020 - 13:46:36.184Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
28/2/2020 - 13:46:36.278Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
28/2/2020 - 13:46:36.278Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
28/2/2020 - 13:46:36.278Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
28/2/2020 - 13:46:36.278Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
28/2/2020 - 13:46:36.372Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
28/2/2020 - 13:46:36.372Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
28/2/2020 - 13:46:36.372Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
28/2/2020 - 13:46:36.372Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
28/2/2020 - 13:46:36.465Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
28/2/2020 - 13:46:36.465Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
28/2/2020 - 13:46:36.465Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
28/2/2020 - 13:46:36.465Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
28/2/2020 - 13:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
28/2/2020 - 13:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
28/2/2020 - 13:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
28/2/2020 - 13:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
28/2/2020 - 13:46:36.653Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
28/2/2020 - 13:46:36.653Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
28/2/2020 - 13:46:36.653Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
28/2/2020 - 13:46:36.653Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
28/2/2020 - 13:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
28/2/2020 - 13:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
28/2/2020 - 13:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
28/2/2020 - 13:46:36.747Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
28/2/2020 - 13:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
28/2/2020 - 13:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
28/2/2020 - 13:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
28/2/2020 - 13:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
28/2/2020 - 13:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
28/2/2020 - 13:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
28/2/2020 - 13:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
28/2/2020 - 13:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
28/2/2020 - 13:46:37.28Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
28/2/2020 - 13:46:37.28Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
28/2/2020 - 13:46:37.28Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
28/2/2020 - 13:46:37.28Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
28/2/2020 - 13:46:37.122Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
28/2/2020 - 13:46:37.122Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
28/2/2020 - 13:46:37.122Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
28/2/2020 - 13:46:37.122Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
28/2/2020 - 13:46:37.215Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
28/2/2020 - 13:46:37.215Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
28/2/2020 - 13:46:37.215Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
28/2/2020 - 13:46:37.215Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
28/2/2020 - 13:46:37.309Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
28/2/2020 - 13:46:37.309Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
28/2/2020 - 13:46:37.309Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
28/2/2020 - 13:46:37.309Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
28/2/2020 - 13:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
28/2/2020 - 13:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
28/2/2020 - 13:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
28/2/2020 - 13:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
28/2/2020 - 13:46:37.497Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
28/2/2020 - 13:46:37.497Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
28/2/2020 - 13:46:37.497Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
28/2/2020 - 13:46:37.497Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
28/2/2020 - 13:46:53.90Open1480C:\malware.exeC:\Windows\System32\shfolder.dll
28/2/2020 - 13:46:53.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:53.700Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dll
28/2/2020 - 13:46:53.793Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:53.793Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dll
28/2/2020 - 13:46:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:53.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:53.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:53.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:53.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 13:46:54.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 13:46:54.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:54.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:54.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:54.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:54.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:54.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:55.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:55.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:55.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:55.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:55.950Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll
28/2/2020 - 13:46:56.43Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.43Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll
28/2/2020 - 13:46:56.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.606Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
28/2/2020 - 13:46:56.653Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
28/2/2020 - 13:46:56.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:56.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:57.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:57.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:57.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:57.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
28/2/2020 - 13:46:57.215Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
28/2/2020 - 13:46:57.356Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
28/2/2020 - 13:46:57.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:57.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:57.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:57.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:57.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:57.684Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
28/2/2020 - 13:46:57.684Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:57.684Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
28/2/2020 - 13:46:57.684Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:57.684Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
28/2/2020 - 13:46:57.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:57.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:57.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:57.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:57.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:57.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.340Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:58.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:58.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:58.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:58.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:58.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:58.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:58.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:58.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:58.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:58.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:58.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:58.809Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 13:46:58.809Open1480C:\malware.exeC:\malware.config
28/2/2020 - 13:46:58.809Open1480C:\malware.exeC:\malware.config
28/2/2020 - 13:46:58.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:58.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:58.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:58.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
28/2/2020 - 13:46:59.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:59.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:59.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 13:46:59.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.653Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\scoregb.zip
28/2/2020 - 13:46:59.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:46:59.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:46:59.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:47:0.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:47:0.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:47:0.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:47:0.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:47:0.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:47:0.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:47:0.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 13:47:0.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
28/2/2020 - 13:47:0.356Open1480C:\malware.exeC:\rasapi32.dll
28/2/2020 - 13:47:0.356Open1480C:\malware.exeC:\Windows\System32\rasapi32.dll
28/2/2020 - 13:47:0.356Open1480C:\malware.exeC:\Windows\System32\rasapi32.dll
28/2/2020 - 13:47:0.356Open1480C:\malware.exeC:\rasman.dll
28/2/2020 - 13:47:0.356Open1480C:\malware.exeC:\Windows\System32\rasman.dll
28/2/2020 - 13:47:0.356Open1480C:\malware.exeC:\Windows\System32\rasman.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.184Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
28/2/2020 - 13:47:4.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
28/2/2020 - 13:47:4.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
28/2/2020 - 13:47:4.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
28/2/2020 - 13:47:4.200Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\assembly\GAC\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.dll
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources.exe
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.exe
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\malware.exe.Local
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:47:4.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:47:4.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:47:4.200Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR
28/2/2020 - 13:47:4.200Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
28/2/2020 - 13:47:4.215Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
28/2/2020 - 13:47:4.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:4.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:4.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:4.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:4.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:4.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:4.356Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
28/2/2020 - 13:47:4.356Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
28/2/2020 - 13:47:4.356Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Open1480C:\malware.exeC:\malware.exe.Local
28/2/2020 - 13:47:4.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:47:4.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:47:4.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.356Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.418Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.465Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.559Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.606Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.653Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.700Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.747Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.793Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.840Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:4.981Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\symbols\dll\mscorlib.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\dll\mscorlib.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\mscorlib.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\malware.PDB
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\LoaderFinal.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\symbols\exe\LoaderFinal.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\exe\LoaderFinal.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\LoaderFinal.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\symbols\dll\System.Windows.Forms.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\dll\System.Windows.Forms.pdb
28/2/2020 - 13:47:5.28Open1480C:\malware.exeC:\Windows\System.Windows.Forms.pdb
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
28/2/2020 - 13:47:5.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
28/2/2020 - 13:47:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.75Unknown1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.75Unknown1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.75Unknown1480C:\malware.exeC:\malware.exe
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:47:5.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:47:5.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
28/2/2020 - 13:47:5.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
28/2/2020 - 13:47:5.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
28/2/2020 - 13:47:5.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
28/2/2020 - 13:47:5.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
28/2/2020 - 13:45:46.325Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
28/2/2020 - 13:46:8.325Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath
28/2/2020 - 13:47:0.403Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32EnableFileTracing
28/2/2020 - 13:47:0.403Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32EnableConsoleTracing
28/2/2020 - 13:47:0.403Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32FileTracingMask
28/2/2020 - 13:47:0.403Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32ConsoleTracingMask
28/2/2020 - 13:47:0.403Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32MaxFileSize
28/2/2020 - 13:47:0.403Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32FileDirectory
28/2/2020 - 13:47:1.606Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSEnableFileTracing
28/2/2020 - 13:47:1.606Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSEnableConsoleTracing
28/2/2020 - 13:47:1.606Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSFileTracingMask
28/2/2020 - 13:47:1.606Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSConsoleTracingMask
28/2/2020 - 13:47:1.606Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSMaxFileSize
28/2/2020 - 13:47:1.606Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSFileDirectory

File Summary
Created
Identified: False

Deleted
Identified: True

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query
localhost -> gateway:50273 frcsd.org.
localhost -> gateway:DNS frcsd.org.

Response
gateway:DNS -> localhost frcsd.org. reply: 92.53.241.35


TCP
Info
92.53.241.35:80 -> localhost:65191
localhost:65191 -> 92.53.241.35:80

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info
localhost GET frcsd.org /plugins/system/legacy/system32/scoregb.zip

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 72.82%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 77.92%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 79.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 82.98%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
