Report #7916

  • Creation Date: Feb. 28, 2020, 5:09 p.m.
  • Last Update: Feb. 29, 2020, 3:16 a.m.
  • File: Anexo991821.exe
  • Results:
Binary
DLL
False cancel
Size
58.00KB
trid
79.2% Generic CIL Executable
7.1% Win32 Dynamic Link Library
4.8% Win32 Executable
2.2% Win16/32 Executable Delphi generic
2.1% OS/2 Executable
type
PE
wordsize
0
Subsystem
unknown
Hashes
md5
917b1051363ead2e0e567822b682b58b
sha1
c483f336dfe84df1c793982a03643e3fed920d1c
crc32
0xd24be516
sha224
23e9c52b27b6dcbbb926b00ef48787bc78c511c43dbe2f42ed7a8d42
sha256
14c34565298d1dd25e4a2eac39e7eafb9b122d17e9be1536bcccfe41c8468bd0
sha384
2509ea9447148c6793cfd3e02d5db5a2dc1511d472c7ee2c0d003bc9fc43533357204576fc83ae96c87057f16a2e0f85
sha512
47d5f803eda5b660ee2a05677ce720a3e9a6d3caa72d7fe13b06964710917f48b734157e5d75ab62d7ae69026527606a9c5d3b9b3808d91349f8d63c94106e5d
ssdeep
768:8yzpNVOLk+ezFd9bOhKHgzMDOfkjdgjxa5U6xNphjQ3Nc9TYTty7wP/2Ty7:81qF/sKHMfeAgXhjCIYTty7EF7
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, HasDebugData, NET_executable_, domain, MD5_Constants, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True check_circle

Strings
List

Foremost
Matches
0.exe, 58 KB, 80.png, 933 B, 82.png, 3 KB, 89.png, 636 B
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed: 1.1.1.1, 1, one.one.one.one.
Suspicious: 1.2.2.2, 0, Unknown
hasAllowed: True check_circle
hasSuspicious: True check_circle

URLs
Allowed
hasURLs: True check_circle
Suspicious: file:///
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: mscoree.dll
hasFiles: True check_circle
Suspicious: Ionic.Zip
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 15
Suspicious: False cancel
Code
Size: 2560
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 15
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .sdata, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 6.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 63726
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: mscoree.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2015-08-24 19:17:22
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 10

pushpopmath
.text: 30

ss register
.text: 16

garbagebytes
.text: 7

programcontrolflowchange
.text: 7

cpuinstructionsresultscomparison
.text: 33

AVclass
banload
1
VirusTotal
md5
917b1051363ead2e0e567822b682b58b
sha1
c483f336dfe84df1c793982a03643e3fed920d1c
SCANS (DETECTION RATE = 82.09%)
AVG
result: Win32:Malware-gen
update: 20180323
version: 18.2.3827.0
detected: True check_circle

CMC
update: 20180323
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=82)
update: 20180323
version: 2017.11.15.1
detected: True check_circle

Bkav
update: 20180322
version: 1.3.0.9466
detected: False cancel

K7GW
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26597
detected: True check_circle

ALYac
result: Trojan.GenericKD.2678012
update: 20180323
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20180323
version: 18.2.3827.0
detected: True check_circle

Avira
result: TR/Downloader.A.27332
update: 20180323
version: 8.3.3.6
detected: True check_circle

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9896
update: 20180323
version: 1.0.0.2
detected: True check_circle

Cyren
result: W32/Backdoor.FDNW-3963
update: 20180323
version: 5.4.30.7
detected: True check_circle

DrWeb
result: Trojan.DownLoader15.59289
update: 20180323
version: 7.0.28.2020
detected: True check_circle

GData
result: Win32.Trojan.Agent.O9IBBJ
update: 20180323
version: A:25.16481B:25.11861
detected: True check_circle

Panda
result: Trj/Agent.IVN
update: 20180323
version: 4.6.4.2
detected: True check_circle

VBA32
result: Trojan.MSIL.Agent
update: 20180323
version: 3.12.28.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65478
detected: True check_circle

Zoner
result: Trojan.MSIL
update: 20180323
version: 1.0
detected: True check_circle

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True check_circle

ClamAV
update: 20180323
version: 0.99.2.0
detected: False cancel

Comodo
result: .UnclassifiedMalware
update: 20180323
version: 28732
detected: True check_circle

F-Prot
result: W32/Backdoor2.HZIX
update: 20180323
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan-Downloader.MSIL.Banload
update: 20180323
version: 0.1.5.2
detected: True check_circle

McAfee
result: Generic.xa
update: 20180323
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.DL.Win32.Banloaden.sx (CLASSIC)
update: 20180323
version: 25.0.0.1
detected: True check_circle

Sophos
result: Mal/Generic-L
update: 20180323
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.DL.Banload!8i3o81U+7LY
update: 20180323
version: 5.5.1.3
detected: True check_circle

Zillya
result: Downloader.Banload.Win32.67116
update: 20180323
version: 2.0.0.3519
detected: True check_circle

Arcabit
result: Trojan.Generic.D28DCFC
update: 20180323
version: 1.0.0.831
detected: True check_circle

Cylance
result: Unsafe
update: 20180323
version: 2.3.1.101
detected: True check_circle

Endgame
update: 20180316
version: 2.0.5
detected: False cancel

Tencent
result: Msil.Trojan.Agent.Hrot
update: 20180323
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Trojan.Win32.Agent.59392.AV
update: 20180323
version: 2014.3.20.0
detected: True check_circle

eGambit
update: 20180323
version: v4.3.5
detected: False cancel

Ad-Aware
result: Trojan.GenericKD.2678012
update: 20180323
version: 3.0.3.1010
detected: True check_circle

AegisLab
result: Troj.Msil.Agent!c
update: 20180323
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.2678012 (B)
update: 20180323
version: 4.0.2.899
detected: True check_circle

F-Secure
result: Trojan.GenericKD.2678012
update: 20180323
version: 11.0.19100.45
detected: True check_circle

Fortinet
result: MSIL/Banload.EL!tr.dldr
update: 20180323
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True check_circle

Jiangmin
update: 20180323
version: 16.0.100
detected: False cancel

Kingsoft
update: 20180323
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20180323
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen.2
update: 20180323
version: 1.5.0.0
detected: True check_circle

nProtect
update: 20180323
version: 2018-03-23.02
detected: False cancel

AhnLab-V3
result: Trojan/Win32.Downloader.C975056
update: 20180323
version: 3.12.0.20130
detected: True check_circle

Antiy-AVL
result: Trojan/MSIL.Agent
update: 20180323
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan.MSIL.Agent.fntk
update: 20180323
version: 15.0.1.13
detected: True check_circle

Microsoft
result: TrojanDownloader:MSIL/Aguadi.A
update: 20180323
version: 1.1.14600.4
detected: True check_circle

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20180323
version: 1.0.0.1120
detected: True check_circle

TheHacker
result: Trojan/Downloader.Banload.el
update: 20180319
version: 6.8.0.5.2551
detected: True check_circle

ZoneAlarm
result: Trojan.MSIL.Agent.fntk
update: 20180323
version: 1.0
detected: True check_circle

Cybereason
result: malicious.1363ea
update: 20180225
version: 1.2.27
detected: True check_circle

ESET-NOD32
result: MSIL/TrojanDownloader.Banload.EL
update: 20180323
version: 17106
detected: True check_circle

TrendMicro
result: TROJ_GEN.R002C0CIG17
update: 20180323
version: 9.862.0.1074
detected: True check_circle

WhiteArmor
update: 20180223
detected: False cancel

BitDefender
result: Trojan.GenericKD.2678012
update: 20180323
version: 7.2
detected: True check_circle

CrowdStrike
result: malicious_confidence_90% (W)
update: 20170201
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26598
detected: True check_circle

SentinelOne
result: static engine - malicious
update: 20180225
version: 1.0.15.206
detected: True check_circle

Avast-Mobile
update: 20180323
version: 180323-04
detected: False cancel

Malwarebytes
result: Trojan.Agent.MSIL
update: 20180323
version: 2.1.1.1115
detected: True check_circle

TotalDefense
update: 20180323
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: TrojanDownloader.Aguadi
update: 20180323
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Dwn.dvsuda
update: 20180323
version: 1.0.100.22043
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.2678012
update: 20180323
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20180323
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: Generic.xa
update: 20180323
version: v2015
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.R002C0CIG17
update: 20180323
version: 9.950.0.1006
detected: True check_circle

total
67
sha256
14c34565298d1dd25e4a2eac39e7eafb9b122d17e9be1536bcccfe41c8468bd0
scan_id
14c34565298d1dd25e4a2eac39e7eafb9b122d17e9be1536bcccfe41c8468bd0-1521838679
resource
917b1051363ead2e0e567822b682b58b
positives
55
scan_date
2018-03-23 20:57:59
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
29/2/2020 - 2:45:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:44.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:44.950Open1480C:\malware.exeC:\Windows\System32\l_intl.nls
29/2/2020 - 2:45:44.950Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:45:44.950Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:45:44.950Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
29/2/2020 - 2:45:44.950Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
29/2/2020 - 2:45:44.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
29/2/2020 - 2:45:44.965Open1480C:\malware.exeC:\malware.exe.Local
29/2/2020 - 2:45:44.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
29/2/2020 - 2:45:44.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
29/2/2020 - 2:45:44.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
29/2/2020 - 2:45:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.668Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
29/2/2020 - 2:45:46.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:46.715Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
29/2/2020 - 2:45:46.715Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
29/2/2020 - 2:45:46.856Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
29/2/2020 - 2:45:46.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.559Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
29/2/2020 - 2:45:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.606Open1480C:\malware.exeC:\malware.config
29/2/2020 - 2:45:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:48.59Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
29/2/2020 - 2:45:48.59Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
29/2/2020 - 2:45:48.59Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
29/2/2020 - 2:45:48.59Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:45:48.59Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
29/2/2020 - 2:45:48.59Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:45:48.59Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:45:48.59Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:45:48.59Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:45:48.59Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:45:48.106Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
29/2/2020 - 2:45:48.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
29/2/2020 - 2:45:48.293Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
29/2/2020 - 2:45:48.293Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
29/2/2020 - 2:45:48.387Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.387Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
29/2/2020 - 2:45:48.387Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.434Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.481Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.528Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.575Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
29/2/2020 - 2:45:48.622Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
29/2/2020 - 2:45:48.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
29/2/2020 - 2:45:48.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
29/2/2020 - 2:45:48.622Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
29/2/2020 - 2:45:48.622Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.622Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.622Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
29/2/2020 - 2:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:45:48.715Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
29/2/2020 - 2:45:48.762Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
29/2/2020 - 2:45:48.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
29/2/2020 - 2:45:48.903Open1480C:\malware.exeC:\malware.exe.Local
29/2/2020 - 2:45:48.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
29/2/2020 - 2:45:48.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
29/2/2020 - 2:45:48.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
29/2/2020 - 2:45:48.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
29/2/2020 - 2:45:48.997Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR
29/2/2020 - 2:45:48.997Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
29/2/2020 - 2:45:49.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
29/2/2020 - 2:45:49.559Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
29/2/2020 - 2:45:49.700Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:49.700Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
29/2/2020 - 2:45:49.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:49.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:49.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:49.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:49.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:49.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:45:50.497Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
29/2/2020 - 2:45:50.637Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:50.637Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
29/2/2020 - 2:45:50.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:50.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:50.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:50.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:50.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:51.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:45:51.59Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.200Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.200Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:45:52.559Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
29/2/2020 - 2:45:52.747Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
29/2/2020 - 2:45:52.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:3.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:3.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:3.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:4.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:4.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:4.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:4.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:4.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:4.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:4.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:5.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:5.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:5.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:5.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:5.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:5.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:5.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:5.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:5.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:6.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:6.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:6.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:6.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:6.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:6.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:6.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:6.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:6.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:6.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:6.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:7.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:7.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:7.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:7.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:7.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:7.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:7.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:7.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:7.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:7.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:7.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:7.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:7.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:7.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:7.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:7.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:7.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:7.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Gdiplus.dll
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\malware.exe.Local
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
29/2/2020 - 2:46:7.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\ShFolder.DLL
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\System32\shfolder.dll
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\System32\shfolder.dll
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 2:46:7.887Unknown1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 2:46:7.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\System32\GDIPFONTCACHEV1.DAT
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 2:46:7.887Unknown1480C:\malware.exeC:\Users\Behemot
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 2:46:7.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
29/2/2020 - 2:46:7.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
29/2/2020 - 2:46:7.887Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
29/2/2020 - 2:46:7.887Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 2:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
29/2/2020 - 2:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
29/2/2020 - 2:46:7.934Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
29/2/2020 - 2:46:7.950Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
29/2/2020 - 2:46:7.950Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
29/2/2020 - 2:46:7.950Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
29/2/2020 - 2:46:7.950Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
29/2/2020 - 2:46:7.950Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
29/2/2020 - 2:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
29/2/2020 - 2:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
29/2/2020 - 2:46:7.997Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
29/2/2020 - 2:46:7.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
29/2/2020 - 2:46:7.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
29/2/2020 - 2:46:7.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
29/2/2020 - 2:46:7.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
29/2/2020 - 2:46:7.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
29/2/2020 - 2:46:7.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
29/2/2020 - 2:46:7.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
29/2/2020 - 2:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
29/2/2020 - 2:46:8.28Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
29/2/2020 - 2:46:8.28Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
29/2/2020 - 2:46:8.28Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
29/2/2020 - 2:46:8.28Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
29/2/2020 - 2:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
29/2/2020 - 2:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
29/2/2020 - 2:46:29.809Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
29/2/2020 - 2:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
29/2/2020 - 2:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
29/2/2020 - 2:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
29/2/2020 - 2:46:29.903Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
29/2/2020 - 2:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
29/2/2020 - 2:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
29/2/2020 - 2:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
29/2/2020 - 2:46:29.997Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
29/2/2020 - 2:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
29/2/2020 - 2:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
29/2/2020 - 2:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
29/2/2020 - 2:46:30.90Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
29/2/2020 - 2:46:30.184Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
29/2/2020 - 2:46:30.184Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
29/2/2020 - 2:46:30.184Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
29/2/2020 - 2:46:30.184Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
29/2/2020 - 2:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
29/2/2020 - 2:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
29/2/2020 - 2:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
29/2/2020 - 2:46:30.278Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
29/2/2020 - 2:46:30.372Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
29/2/2020 - 2:46:30.372Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
29/2/2020 - 2:46:30.372Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
29/2/2020 - 2:46:30.372Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
29/2/2020 - 2:46:30.465Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
29/2/2020 - 2:46:30.465Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
29/2/2020 - 2:46:30.465Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
29/2/2020 - 2:46:30.465Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
29/2/2020 - 2:46:30.559Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
29/2/2020 - 2:46:30.559Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
29/2/2020 - 2:46:30.559Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
29/2/2020 - 2:46:30.559Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
29/2/2020 - 2:46:30.653Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
29/2/2020 - 2:46:30.653Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
29/2/2020 - 2:46:30.653Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
29/2/2020 - 2:46:30.653Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
29/2/2020 - 2:46:30.747Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
29/2/2020 - 2:46:30.747Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
29/2/2020 - 2:46:30.747Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
29/2/2020 - 2:46:30.747Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
29/2/2020 - 2:46:30.840Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
29/2/2020 - 2:46:30.840Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
29/2/2020 - 2:46:30.840Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
29/2/2020 - 2:46:30.840Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
29/2/2020 - 2:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
29/2/2020 - 2:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
29/2/2020 - 2:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
29/2/2020 - 2:46:30.934Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
29/2/2020 - 2:46:31.28Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
29/2/2020 - 2:46:31.28Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
29/2/2020 - 2:46:31.28Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
29/2/2020 - 2:46:31.28Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
29/2/2020 - 2:46:31.122Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
29/2/2020 - 2:46:31.122Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
29/2/2020 - 2:46:31.122Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
29/2/2020 - 2:46:31.122Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
29/2/2020 - 2:46:31.215Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
29/2/2020 - 2:46:31.215Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
29/2/2020 - 2:46:31.215Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
29/2/2020 - 2:46:31.215Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
29/2/2020 - 2:46:31.309Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
29/2/2020 - 2:46:31.309Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
29/2/2020 - 2:46:31.309Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
29/2/2020 - 2:46:31.309Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
29/2/2020 - 2:46:31.403Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
29/2/2020 - 2:46:31.403Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
29/2/2020 - 2:46:31.403Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
29/2/2020 - 2:46:31.403Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
29/2/2020 - 2:46:31.497Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
29/2/2020 - 2:46:31.497Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
29/2/2020 - 2:46:31.497Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
29/2/2020 - 2:46:31.497Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
29/2/2020 - 2:46:31.590Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
29/2/2020 - 2:46:31.590Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
29/2/2020 - 2:46:31.590Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
29/2/2020 - 2:46:31.590Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
29/2/2020 - 2:46:31.684Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
29/2/2020 - 2:46:31.684Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
29/2/2020 - 2:46:31.684Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
29/2/2020 - 2:46:31.684Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
29/2/2020 - 2:46:31.778Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
29/2/2020 - 2:46:31.778Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
29/2/2020 - 2:46:31.778Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
29/2/2020 - 2:46:31.778Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
29/2/2020 - 2:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
29/2/2020 - 2:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
29/2/2020 - 2:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
29/2/2020 - 2:46:31.872Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
29/2/2020 - 2:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
29/2/2020 - 2:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
29/2/2020 - 2:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
29/2/2020 - 2:46:31.965Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
29/2/2020 - 2:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
29/2/2020 - 2:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
29/2/2020 - 2:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
29/2/2020 - 2:46:32.59Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
29/2/2020 - 2:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
29/2/2020 - 2:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
29/2/2020 - 2:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
29/2/2020 - 2:46:32.153Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
29/2/2020 - 2:46:32.247Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
29/2/2020 - 2:46:32.247Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
29/2/2020 - 2:46:32.247Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
29/2/2020 - 2:46:32.247Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
29/2/2020 - 2:46:32.340Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
29/2/2020 - 2:46:32.340Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
29/2/2020 - 2:46:32.340Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
29/2/2020 - 2:46:32.340Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
29/2/2020 - 2:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
29/2/2020 - 2:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
29/2/2020 - 2:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
29/2/2020 - 2:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
29/2/2020 - 2:46:32.528Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
29/2/2020 - 2:46:32.528Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
29/2/2020 - 2:46:32.528Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
29/2/2020 - 2:46:32.528Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
29/2/2020 - 2:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
29/2/2020 - 2:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
29/2/2020 - 2:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
29/2/2020 - 2:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
29/2/2020 - 2:46:32.747Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
29/2/2020 - 2:46:32.747Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
29/2/2020 - 2:46:32.747Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
29/2/2020 - 2:46:32.747Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
29/2/2020 - 2:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
29/2/2020 - 2:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
29/2/2020 - 2:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
29/2/2020 - 2:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
29/2/2020 - 2:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
29/2/2020 - 2:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
29/2/2020 - 2:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
29/2/2020 - 2:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
29/2/2020 - 2:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
29/2/2020 - 2:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
29/2/2020 - 2:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
29/2/2020 - 2:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
29/2/2020 - 2:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
29/2/2020 - 2:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
29/2/2020 - 2:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
29/2/2020 - 2:46:33.122Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
29/2/2020 - 2:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
29/2/2020 - 2:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
29/2/2020 - 2:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
29/2/2020 - 2:46:33.215Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
29/2/2020 - 2:46:33.497Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
29/2/2020 - 2:46:33.684Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
29/2/2020 - 2:46:33.684Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
29/2/2020 - 2:46:33.684Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
29/2/2020 - 2:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
29/2/2020 - 2:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
29/2/2020 - 2:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
29/2/2020 - 2:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
29/2/2020 - 2:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
29/2/2020 - 2:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
29/2/2020 - 2:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
29/2/2020 - 2:46:33.825Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
29/2/2020 - 2:46:33.872Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
29/2/2020 - 2:46:34.59Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
29/2/2020 - 2:46:34.59Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
29/2/2020 - 2:46:34.59Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
29/2/2020 - 2:46:34.200Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
29/2/2020 - 2:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
29/2/2020 - 2:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
29/2/2020 - 2:46:34.387Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
29/2/2020 - 2:46:34.528Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
29/2/2020 - 2:46:34.715Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
29/2/2020 - 2:46:34.715Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
29/2/2020 - 2:46:34.715Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
29/2/2020 - 2:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
29/2/2020 - 2:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 2:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 2:46:35.43Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 2:46:35.372Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 2:46:35.606Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
29/2/2020 - 2:46:35.840Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
29/2/2020 - 2:46:35.840Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
29/2/2020 - 2:46:35.840Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
29/2/2020 - 2:46:35.981Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
29/2/2020 - 2:46:36.215Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
29/2/2020 - 2:46:36.215Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
29/2/2020 - 2:46:36.215Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
29/2/2020 - 2:46:36.356Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
29/2/2020 - 2:46:36.637Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
29/2/2020 - 2:46:36.637Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
29/2/2020 - 2:46:36.637Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
29/2/2020 - 2:46:36.778Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
29/2/2020 - 2:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
29/2/2020 - 2:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
29/2/2020 - 2:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
29/2/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
29/2/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
29/2/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
29/2/2020 - 2:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
29/2/2020 - 2:46:37.200Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
29/2/2020 - 2:46:37.200Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
29/2/2020 - 2:46:37.200Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
29/2/2020 - 2:46:37.200Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
29/2/2020 - 2:46:37.293Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
29/2/2020 - 2:46:37.293Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
29/2/2020 - 2:46:37.293Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
29/2/2020 - 2:46:37.293Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
29/2/2020 - 2:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
29/2/2020 - 2:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
29/2/2020 - 2:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
29/2/2020 - 2:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
29/2/2020 - 2:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
29/2/2020 - 2:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
29/2/2020 - 2:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
29/2/2020 - 2:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
29/2/2020 - 2:46:37.481Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
29/2/2020 - 2:46:37.481Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
29/2/2020 - 2:46:37.481Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
29/2/2020 - 2:46:37.481Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
29/2/2020 - 2:46:37.622Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
29/2/2020 - 2:46:37.668Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
29/2/2020 - 2:46:37.668Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
29/2/2020 - 2:46:37.668Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
29/2/2020 - 2:46:37.809Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
29/2/2020 - 2:46:37.856Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
29/2/2020 - 2:46:37.856Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
29/2/2020 - 2:46:37.856Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
29/2/2020 - 2:46:37.997Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
29/2/2020 - 2:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
29/2/2020 - 2:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
29/2/2020 - 2:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
29/2/2020 - 2:46:38.184Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
29/2/2020 - 2:46:38.231Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
29/2/2020 - 2:46:38.231Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
29/2/2020 - 2:46:38.231Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
29/2/2020 - 2:46:38.325Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
29/2/2020 - 2:46:38.418Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
29/2/2020 - 2:46:38.418Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
29/2/2020 - 2:46:38.418Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
29/2/2020 - 2:46:38.512Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
29/2/2020 - 2:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
29/2/2020 - 2:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
29/2/2020 - 2:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
29/2/2020 - 2:46:38.700Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
29/2/2020 - 2:46:38.793Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
29/2/2020 - 2:46:38.793Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
29/2/2020 - 2:46:38.793Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
29/2/2020 - 2:46:38.887Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
29/2/2020 - 2:46:38.981Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
29/2/2020 - 2:46:38.981Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
29/2/2020 - 2:46:38.981Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
29/2/2020 - 2:46:39.75Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
29/2/2020 - 2:46:39.122Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
29/2/2020 - 2:46:39.122Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
29/2/2020 - 2:46:39.122Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
29/2/2020 - 2:46:39.215Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
29/2/2020 - 2:46:39.262Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
29/2/2020 - 2:46:39.262Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
29/2/2020 - 2:46:39.262Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
29/2/2020 - 2:46:39.356Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
29/2/2020 - 2:46:39.403Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
29/2/2020 - 2:46:39.403Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
29/2/2020 - 2:46:39.403Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
29/2/2020 - 2:46:39.497Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
29/2/2020 - 2:46:39.543Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
29/2/2020 - 2:46:39.543Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
29/2/2020 - 2:46:39.543Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
29/2/2020 - 2:46:39.637Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
29/2/2020 - 2:46:39.637Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
29/2/2020 - 2:46:39.637Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
29/2/2020 - 2:46:39.637Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
29/2/2020 - 2:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
29/2/2020 - 2:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
29/2/2020 - 2:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
29/2/2020 - 2:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
29/2/2020 - 2:46:39.872Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
29/2/2020 - 2:46:41.418Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
29/2/2020 - 2:46:41.418Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
29/2/2020 - 2:46:41.418Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
29/2/2020 - 2:46:41.512Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
29/2/2020 - 2:46:41.512Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
29/2/2020 - 2:46:41.512Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
29/2/2020 - 2:46:41.512Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
29/2/2020 - 2:46:41.606Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
29/2/2020 - 2:46:41.606Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
29/2/2020 - 2:46:41.606Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
29/2/2020 - 2:46:41.606Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
29/2/2020 - 2:46:41.700Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
29/2/2020 - 2:46:41.700Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
29/2/2020 - 2:46:41.700Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
29/2/2020 - 2:46:41.700Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
29/2/2020 - 2:46:41.793Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
29/2/2020 - 2:46:41.793Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
29/2/2020 - 2:46:41.793Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
29/2/2020 - 2:46:41.793Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
29/2/2020 - 2:46:41.934Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
29/2/2020 - 2:46:41.934Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
29/2/2020 - 2:46:41.934Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
29/2/2020 - 2:46:41.934Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
29/2/2020 - 2:46:42.75Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
29/2/2020 - 2:46:42.75Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
29/2/2020 - 2:46:42.75Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
29/2/2020 - 2:46:42.75Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
29/2/2020 - 2:46:42.215Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
29/2/2020 - 2:46:42.215Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
29/2/2020 - 2:46:42.215Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
29/2/2020 - 2:46:42.215Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
29/2/2020 - 2:46:42.356Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
29/2/2020 - 2:46:42.356Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
29/2/2020 - 2:46:42.356Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
29/2/2020 - 2:46:42.356Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
29/2/2020 - 2:46:42.450Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
29/2/2020 - 2:46:42.450Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
29/2/2020 - 2:46:42.450Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
29/2/2020 - 2:46:42.450Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
29/2/2020 - 2:46:42.543Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
29/2/2020 - 2:46:42.543Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
29/2/2020 - 2:46:42.543Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
29/2/2020 - 2:46:42.543Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
29/2/2020 - 2:46:42.637Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
29/2/2020 - 2:46:42.637Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
29/2/2020 - 2:46:42.637Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
29/2/2020 - 2:46:42.637Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
29/2/2020 - 2:46:42.731Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
29/2/2020 - 2:46:42.731Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
29/2/2020 - 2:46:42.731Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
29/2/2020 - 2:46:42.731Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
29/2/2020 - 2:46:42.825Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
29/2/2020 - 2:46:42.825Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
29/2/2020 - 2:46:42.825Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
29/2/2020 - 2:46:42.825Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
29/2/2020 - 2:46:42.918Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
29/2/2020 - 2:46:42.918Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
29/2/2020 - 2:46:42.918Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
29/2/2020 - 2:46:42.918Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
29/2/2020 - 2:46:43.59Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
29/2/2020 - 2:46:43.59Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
29/2/2020 - 2:46:43.59Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
29/2/2020 - 2:46:43.59Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
29/2/2020 - 2:46:43.200Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
29/2/2020 - 2:46:43.200Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
29/2/2020 - 2:46:43.200Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
29/2/2020 - 2:46:43.200Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
29/2/2020 - 2:46:43.340Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
29/2/2020 - 2:46:43.340Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
29/2/2020 - 2:46:43.340Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
29/2/2020 - 2:46:43.340Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
29/2/2020 - 2:46:43.481Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
29/2/2020 - 2:46:43.481Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
29/2/2020 - 2:46:43.481Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
29/2/2020 - 2:46:43.481Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
29/2/2020 - 2:46:43.575Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
29/2/2020 - 2:46:43.575Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:43.575Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
29/2/2020 - 2:46:43.575Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:43.622Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:43.668Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:43.715Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
29/2/2020 - 2:46:43.715Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:43.762Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:43.809Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:43.856Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:43.903Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
29/2/2020 - 2:46:52.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
29/2/2020 - 2:46:52.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.59Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
29/2/2020 - 2:46:52.59Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.59Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
29/2/2020 - 2:46:52.59Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.59Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
29/2/2020 - 2:46:52.75Open1480C:\malware.exeC:\malware.config
29/2/2020 - 2:46:52.75Open1480C:\malware.exeC:\malware.config
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
29/2/2020 - 2:46:52.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
29/2/2020 - 2:46:52.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:52.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:52.856Open1480C:\malware.exeC:\Monitor\Ionic.zip.dll
29/2/2020 - 2:46:52.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:52.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:53.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:53.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
29/2/2020 - 2:46:54.28Open1480C:\malware.exeC:\rasapi32.dll
29/2/2020 - 2:46:54.28Open1480C:\malware.exeC:\Windows\System32\rasapi32.dll
29/2/2020 - 2:46:54.28Open1480C:\malware.exeC:\Windows\System32\rasapi32.dll
29/2/2020 - 2:46:54.28Open1480C:\malware.exeC:\rasman.dll
29/2/2020 - 2:46:54.28Open1480C:\malware.exeC:\Windows\System32\rasman.dll
29/2/2020 - 2:46:54.28Open1480C:\malware.exeC:\Windows\System32\rasman.dll
29/2/2020 - 2:46:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.122Open1480C:\malware.exeC:\rtutils.dll
29/2/2020 - 2:46:54.122Open1480C:\malware.exeC:\Windows\System32\rtutils.dll
29/2/2020 - 2:46:54.122Open1480C:\malware.exeC:\Windows\System32\rtutils.dll
29/2/2020 - 2:46:54.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
29/2/2020 - 2:46:54.168Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
29/2/2020 - 2:46:54.168Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
29/2/2020 - 2:46:54.168Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
29/2/2020 - 2:46:54.168Open1480C:\malware.exeC:\Windows\System32\wship6.dll
29/2/2020 - 2:46:54.168Open1480C:\malware.exeC:\Windows\System32\wship6.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.168Open1480C:\malware.exeC:\Windows\System32\tzres.dll
29/2/2020 - 2:46:54.168Open1480C:\malware.exeC:\Windows\System32\tzres.dll
29/2/2020 - 2:46:54.184Open1480C:\malware.exeC:\Windows\System32\tzres.dll
29/2/2020 - 2:46:54.184Open1480C:\malware.exeC:\Windows\System32\tzres.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.184Open1480C:\malware.exeC:\Windows\System32\pt-BR\KernelBase.dll.mui
29/2/2020 - 2:46:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:46:54.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
29/2/2020 - 2:47:39.247Read1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\YHDESAA.pdb
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\symbols\exe\YHDESAA.pdb
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\exe\YHDESAA.pdb
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\YHDESAA.pdb
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
29/2/2020 - 2:47:39.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\version.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\System32\version.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\System32\version.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Unknown1480C:\malware.exeC:\malware.exe
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
29/2/2020 - 2:47:39.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
29/2/2020 - 2:47:39.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
29/2/2020 - 2:47:39.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
29/2/2020 - 2:47:39.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
29/2/2020 - 2:47:39.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
29/2/2020 - 2:47:39.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
29/2/2020 - 2:47:39.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
29/2/2020 - 2:47:39.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.543Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
29/2/2020 - 2:47:39.543Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
29/2/2020 - 2:47:39.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.590Open1480C:\malware.exeC:\Windows\System32\uxtheme.dll.Config
29/2/2020 - 2:47:39.590Open1480C:\malware.exeC:\Windows\System32\uxtheme.dll
29/2/2020 - 2:47:39.590Open1480C:\malware.exeC:\malware.exe.Local
29/2/2020 - 2:47:39.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
29/2/2020 - 2:47:39.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
29/2/2020 - 2:47:39.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
29/2/2020 - 2:47:39.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
29/2/2020 - 2:47:39.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
29/2/2020 - 2:47:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
29/2/2020 - 2:46:7.887  Write  1480  C:\malware.exe  HKCU\Software\Microsoft\GDIPlus  FontCachePath
29/2/2020 - 2:46:54.122  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32  EnableFileTracing
29/2/2020 - 2:46:54.122  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32  EnableConsoleTracing
29/2/2020 - 2:46:54.122  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32  FileTracingMask
29/2/2020 - 2:46:54.122  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32  ConsoleTracingMask
29/2/2020 - 2:46:54.122  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32  MaxFileSize
29/2/2020 - 2:46:54.122  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32  FileDirectory
29/2/2020 - 2:46:54.184  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCS  EnableFileTracing
29/2/2020 - 2:46:54.184  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCS  EnableConsoleTracing
29/2/2020 - 2:46:54.184  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCS  FileTracingMask
29/2/2020 - 2:46:54.184  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCS  ConsoleTracingMask
29/2/2020 - 2:46:54.184  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCS  MaxFileSize
29/2/2020 - 2:46:54.200  Write  1480  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCS  FileDirectory

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query
localhost -> gateway:50273  dns.msftncsi.com.
localhost -> gateway:DNS  dns.msftncsi.com.

Response
gateway:DNS -> localhost  dns.msftncsi.com.  reply 131.107.255.255


TCP
Info
localhost:65192 -> 172.245.126.26:80
localhost:65191 -> 172.245.126.26:80

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
True

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 61.06%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.94%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 54.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 67.11%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 98.37%
suspicious: False
