Report #8388

  • Creation Date: March 3, 2020, 4:23 p.m.
  • Last Update: March 3, 2020, 5:18 p.m.
  • File: Cobrança_Anexo.exe
  • Results:
Binary
DLL
False
Size
151.00KB
trid
41.7% DirectShow filter
24.1% Windows ActiveX control
15.1% Generic CIL Executable
6.4% Win32 Executable MS Visual C++
5.7% Win64 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
271a8b9558755cc24d7cefed9a8b736f
sha1
bfce962a01874dab3e2230408c936913b954f106
crc32
0xb7b8b2
sha224
66573a72f7de9d11f25f6a9970cb0e91562af878e89fb793e695dc2c
sha256
8ea4720626bb1d0958b811bf485798f32c78f402070efb9131837bae4d0f51e6
sha384
8e040eb74939ea30fa3b739d5d507e0f282a3105092a3c04b78224d58f493bd0594401c47b43d8bc9728c63a879cbaff
sha512
32f7cc0c333a6d22ffc67203f328974fa754e9341b17e5b82927813eb2ded45a4428037da93bdf07514482c31924147aeb5e5d3bba03bb4ee5474916343a63e7
ssdeep
3072:CzNcOKzGL34jTLUlLD0NzpDudk61bugpu/z3HP/Ummx1qouwezk3w0xyL:62Q4CLD0Nzg1bnO3gStQa
Community
Google
False
HashLib
False
YARA
Matches
domain, HasDebugData, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, Microsoft_Visual_Studio_NET, NET_executable_, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, NET_executable, network_tcp_socket, screenshot, IP, contentis_base64, keylogger, NETexecutableMicrosoft, IsWindowsGUI, url, IsNET_EXE, Microsoft_Visual_C_Basic_NET, win_registry, Browsers, System_Tools, Big_Numbers2

Suspicious
True

Strings
List
C:\a7\WindowsApplication1\WindowsApplication1\obj\Release\WindowsApplication1.pdb
My.Computer
System.IO
System.Net
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
WindowsApplication1.My
3http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
3http://crl.microsoft.com/pki/crl/products/tspca.crl0H
,http://www.microsoft.com/pki/certs/tspca.crt0
,http://www.microsoft.com/pki/certs/CSPCA.crt0
System.ComponentModel.Design
\Internet Explorer\iexplore.exe
System.Net.Sockets
http://microsoft.com0
System.Security.AccessControl
\Internet Explorer\mswinsck.ocx
MSWNSK98.chm
WSOCK32.dll
hhctrl.ocx
SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
4System.Web.Services.Protocols.SoapHttpClientProtocol
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
\a.dll
Host is down.
RegSvr32.exe /s
Network subsystem failed9The network cannot be reached from this host at this time1Connection has timed out when SO_KEEPALIVE is set5Connection is aborted due to timeout or other failure&The connection is reset by remote side
Socket is not connectedWWW
"255.255.255.255
CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32
WindowsApplication1.My.Resources
2.0.0.0
9.0.0.0
8.0.0.0
Error occurred;
Destination address is requiredAThe datagram is too large to fit into the buffer and is truncated3The specified port is the wrong type of this socket
RemoteP&ort
System.Windows.Forms.Form
Socket is not connected
Socket has a pending request(Socket is resolving remote computer name(Socket has resolved remote computer name'Socket is connecting to remote computer'Socket has connected to remote computer/Socket is closing connection to remote computer
Winsock methods and events"Returns the remote host IP address
3System.Resources.Tools.StronglyTypedResourceBuilder
Apartment
Socket has resolved remote computer nameWW'
Socket is resolving remote computer nameWW(
DeleteSubKeyTree
sckClosedWWWX
BytesReceivedWWWd
The connection is reset by remote side
pass
System.Windows.Forms
Address is not available from the local machineWWW
Socket is connecting to remote computerWWW'
Socket has connected to remote computerWWW/
Socket is currently openWW
Socket is currently open Socket is listening for requests
Socket is currently closed
Socket is currently closed
HKEY_CLASSES_ROOT
=Socket is non-blocking and the specified operation will block+A blocking winsock operation is in progressAThe operation is completed. No blocking operation is in progress.
The network cannot be reached from this host at this timeW1
Socket is closing connection to remote computerWWW
HKEY_LOCAL_MACHINE
Socket has a pending requestWW(
WindowsApplication1.exe
WindowsApplication1.exe
WindowsApplication1.exe
Socket is already connectedWWW
Socket has encountered an errorWWW
Network subsystem is unavailable WINSOCK.DLL version out of range"WinsockInit should be called first
Socket is listening for requestsWW
Socket has been shut downW
requestedExecutionLevel node with one of the following.
Graceful shutdown in progress.
SOFTWARE\\Classes\\CLSID\\
OCX\MSWINSCK.dbg
Connect to the remote computer'Listen for incoming connection requests%Accept an incoming connection request
mscoree.dll
\InprocServer32
Socket is already connected
add_Shutdown
Socket has been shut down
Connection has timed out when SO_KEEPALIVE is setW5
User-Agent
\InprocServer
_RemoteHostWd
Remote&Host
get_UserName
Registra_BHO
get_ResourceManager
set_ShutdownStyle
+ListenWWd
TcpClient
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
explorer C:\
AddFileSecurity
No route to host.

Foremost
Matches
0.exe, 151 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed: 255.255.255.255, 1, record
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed: http://www.microsoft.com/pki/certs/cspca.crt0, http://microsoft.com0, http://crl.microsoft.com/pki/crl/products/cspca.crl0h, http://crl.microsoft.com/pki/crl/products/tspca.crl0h, http://www.microsoft.com/pki/certs/tspca.crt0, http://www.w3.org/2001/xmlschema-instance
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Files
Allowed: \a.dll, ADVAPI32.dll, ole32.dll, VERSION.DLL, GDI32.dll, USER32.dll, OLEAUT32.dll, KERNEL32.dll, mscoree.dll, WSOCK32.dll
hasFiles: True
Suspicious: MSWINSCK.OCX, \Internet Explorer\mswinsck.ocx, hhctrl.ocx
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 4608
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .sdata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 8.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 156958
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: advapi32.dll, ole32.dll, version.dll, gdi32.dll, user32.dll, oleaut32.dll, kernel32.dll, mscoree.dll, wsock32.dll
hasLibs: True
Suspicious: \a.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2015-04-23 20:41:57
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: True

PEDetector
Matches
1322
Suspicious
True
Disassembly
hasTricks
True
Tricks
pushret
.text: 4
.sdata: 1

pushpopmath
.text: 21

ss register
.text: 1

garbagebytes
.text: 1
.sdata: 1

software breakpoint
.text: 2

programcontrolflowchange
.text: 1
.sdata: 1

cpuinstructionsresultscomparison
.text: 8

AVclass
banload
1
VirusTotal
md5
271a8b9558755cc24d7cefed9a8b736f
sha1
bfce962a01874dab3e2230408c936913b954f106
SCANS (DETECTION RATE = 68.42%)
AVG
result: Downloader.MSIL.ALNZ
update: 20150611
version: 15.0.0.4355
detected: True

CMC
update: 20150610
version: 1.1.0.977
detected: False

Bkav
update: 20150610
version: 1.3.0.6379
detected: False

K7GW
result: Trojan-Downloader ( 004bdf691 )
update: 20150610
version: 9.204.16205
detected: True

ALYac
result: Gen:Variant.Kazy.597463
update: 20150610
version: 1.0.1.4
detected: True

Avast
result: MSIL:Broban-B [Trj]
update: 20150611
version: 8.0.1489.320
detected: True

Avira
result: TR/Dropper.Gen
update: 20150611
version: 8.3.1.6
detected: True

Cyren
result: W32/Trojan.VKTM-2459
update: 20150611
version: 5.4.16.7
detected: True

DrWeb
update: 20150611
version: 7.0.13.5270
detected: False

GData
result: Gen:Variant.Kazy.597463
update: 20150611
version: 25
detected: True

Panda
result: Trj/CI.A
update: 20150610
version: 4.6.4.2
detected: True

VBA32
result: TrojanDownloader.MSIL.Banload
update: 20150610
version: 3.12.26.4
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20150611
version: 41016
detected: True

Zoner
update: 20150609
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20150611
version: 1.5.0.21
detected: True

ClamAV
update: 20150610
version: 0.98.5.0
detected: False

Comodo
update: 20150611
version: 22412
detected: False

F-Prot
update: 20150610
version: 4.7.1.166
detected: False

Ikarus
result: Trojan-Downloader.MSIL.Banload
update: 20150611
version: T3.1.9.5.0
detected: True

McAfee
result: RDN/PWS-Banker!dx
update: 20150611
version: 6.0.5.614
detected: True

Rising
update: 20150610
version: 25.0.0.17
detected: False

Sophos
update: 20150611
version: 4.98.0
detected: False

Zillya
result: Downloader.Banload.Win32.62331
update: 20150610
version: 2.0.0.2217
detected: True

Agnitum
result: Trojan.DL.Banload!BXGMWuJAq7c
update: 20150609
version: 5.5.1.3
detected: True

Alibaba
update: 20150610
version: 1.0
detected: False

Arcabit
result: Trojan.Kazy.D91DD7
update: 20150611
version: 1.0.0.425
detected: True

Tencent
result: Trojan.Win32.YY.Gen.18
update: 20150611
version: 1.0.0.1
detected: True

ViRobot
update: 20150611
version: 2014.3.20.0
detected: False

Ad-Aware
result: Gen:Variant.Kazy.597463
update: 20150611
version: 12.0.163.0
detected: True

AegisLab
update: 20150611
version: 1.5
detected: False

ByteHero
update: 20150611
version: 1.0.0.1
detected: False

Emsisoft
result: Gen:Variant.Kazy.597463 (B)
update: 20150611
version: 3.5.0.636
detected: True

F-Secure
result: Gen:Variant.Kazy.597463
update: 20150611
version: 11.0.19100.45
detected: True

Fortinet
result: MSIL/Banload.BE!tr.dldr
update: 20150610
version: 5.0.999.0
detected: True

Jiangmin
result: TrojanDownloader.MSIL.djz
update: 20150610
version: 16.0.100
detected: True

Kingsoft
update: 20150611
version: 2013.4.9.267
detected: False

Symantec
result: Trojan.Gen.2
update: 20150611
version: 20141.2.0.56
detected: True

nProtect
update: 20150610
version: 2015-06-10.02
detected: False

AhnLab-V3
result: Trojan/Win32.Gen
update: 20150610
version: 2015.06.11.00
detected: True

Antiy-AVL
result: Trojan[Downloader]/MSIL.Banload
update: 20150610
version: 1.0.0.1
detected: True

Kaspersky
result: Trojan-Downloader.MSIL.Banload.bfj
update: 20150610
version: 15.0.1.10
detected: True

Microsoft
result: TrojanDownloader:MSIL/BrobanDel.A
update: 20150610
version: 1.1.11701.0
detected: True

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20150611
version: 1.0.0.1015
detected: True

TheHacker
update: 20150609
version: 6.8.0.5.576
detected: False

ESET-NOD32
result: a variant of MSIL/TrojanDownloader.Banload.BE
update: 20150610
version: 11767
detected: True

TrendMicro
result: TROJ_GEN.R072C0DE215
update: 20150611
version: 9.740.0.1012
detected: True

BitDefender
result: Gen:Variant.Kazy.597463
update: 20150610
version: 7.2
detected: True

K7AntiVirus
result: Trojan-Downloader ( 004bdf691 )
update: 20150610
version: 9.204.16204
detected: True

Malwarebytes
result: Trojan.Banker.NFGen
update: 20150610
version: 2.1.1.1115
detected: True

TotalDefense
update: 20150610
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: TrojanDownloader.MSIL.r4
update: 20150610
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Banload.drcwnw
update: 20150610
version: 0.30.24.2086
detected: True

MicroWorld-eScan
result: Gen:Variant.Kazy.597463
update: 20150610
version: 12.0.250.0
detected: True

SUPERAntiSpyware
update: 20150611
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: RDN/PWS-Banker!dx
update: 20150610
version: v2015
detected: True

Baidu-International
result: Trojan.Win32.Banload.bfj
update: 20150610
version: 3.5.1.41473
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R072C0DE215
update: 20150611
version: 9.700.0.1001
detected: True

total
57
sha256
8ea4720626bb1d0958b811bf485798f32c78f402070efb9131837bae4d0f51e6
scan_id
8ea4720626bb1d0958b811bf485798f32c78f402070efb9131837bae4d0f51e6-1433985231
resource
271a8b9558755cc24d7cefed9a8b736f
positives
39
scan_date
2015-06-11 01:13:51
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
3/3/2020 - 16:45:46.168Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:45:46.168Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:45:46.168Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:45:46.168Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:45:46.168Open1480C:\malware.exeC:\Windows\assembly\GAC_64\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 16:45:46.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 16:45:46.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 16:45:46.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 16:45:46.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:45:46.184Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
3/3/2020 - 16:45:46.184Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
3/3/2020 - 16:45:46.184Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
3/3/2020 - 16:45:46.200Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 16:45:46.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:45:46.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:45:46.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:45:47.340Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\VERSION.dll
3/3/2020 - 16:45:47.340Open1480C:\malware.exeC:\VERSION.dll
3/3/2020 - 16:45:47.340Open1480C:\malware.exeC:\Windows\System32\version.dll
3/3/2020 - 16:45:47.340Open1480C:\malware.exeC:\Windows\System32\version.dll
3/3/2020 - 16:45:47.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 16:45:47.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:47.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:47.387Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 16:45:47.387Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:47.387Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:45:47.434Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
3/3/2020 - 16:45:47.575Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.575Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
3/3/2020 - 16:45:47.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:48.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:48.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:48.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:48.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:48.372Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
3/3/2020 - 16:45:48.512Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.512Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
3/3/2020 - 16:45:48.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:48.934Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.106Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.106Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:50.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:50.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:50.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:50.465Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/3/2020 - 16:45:50.653Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/3/2020 - 16:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:51.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:51.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/3/2020 - 16:45:51.825Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/3/2020 - 16:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:51.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:51.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:51.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:52.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:52.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:52.153Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 16:45:52.247Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 16:45:52.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:52.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:52.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:52.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:52.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:52.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:52.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:52.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:52.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:52.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:52.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:52.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:52.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:52.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:52.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:53.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:53.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:53.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:53.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:45:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:45:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:54.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:54.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:54.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:54.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:54.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:45:54.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:4.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:4.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:4.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
3/3/2020 - 16:46:5.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
3/3/2020 - 16:46:5.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
3/3/2020 - 16:46:5.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
3/3/2020 - 16:46:5.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:5.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:5.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:6.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:6.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:6.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:6.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:6.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:6.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:6.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
3/3/2020 - 16:46:6.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
3/3/2020 - 16:46:6.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:6.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:7.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:7.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:7.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:7.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:7.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:7.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:7.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:7.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:7.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:7.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.559Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
3/3/2020 - 16:46:8.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/3/2020 - 16:46:8.793Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/3/2020 - 16:46:8.840Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/3/2020 - 16:46:8.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/3/2020 - 16:46:8.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 16:46:9.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:23.528Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
3/3/2020 - 16:46:23.528Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
3/3/2020 - 16:46:23.528Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
3/3/2020 - 16:46:23.528Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
3/3/2020 - 16:46:23.622Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
3/3/2020 - 16:46:23.622Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
3/3/2020 - 16:46:23.622Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
3/3/2020 - 16:46:23.622Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
3/3/2020 - 16:46:23.715Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
3/3/2020 - 16:46:23.715Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
3/3/2020 - 16:46:23.715Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
3/3/2020 - 16:46:23.715Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
3/3/2020 - 16:46:23.809Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
3/3/2020 - 16:46:23.809Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
3/3/2020 - 16:46:23.809Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
3/3/2020 - 16:46:23.809Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
3/3/2020 - 16:46:23.950Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
3/3/2020 - 16:46:23.997Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
3/3/2020 - 16:46:23.997Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
3/3/2020 - 16:46:23.997Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
3/3/2020 - 16:46:24.90Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
3/3/2020 - 16:46:24.90Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
3/3/2020 - 16:46:24.90Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
3/3/2020 - 16:46:24.90Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
3/3/2020 - 16:46:24.90Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
3/3/2020 - 16:46:24.90Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
3/3/2020 - 16:46:24.90Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
3/3/2020 - 16:46:24.90Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
3/3/2020 - 16:46:24.184Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
3/3/2020 - 16:46:24.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
3/3/2020 - 16:46:24.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
3/3/2020 - 16:46:24.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
3/3/2020 - 16:46:24.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
3/3/2020 - 16:46:24.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
3/3/2020 - 16:46:24.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
3/3/2020 - 16:46:24.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
3/3/2020 - 16:46:24.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
3/3/2020 - 16:46:24.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
3/3/2020 - 16:46:24.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
3/3/2020 - 16:46:24.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
3/3/2020 - 16:46:24.465Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
3/3/2020 - 16:46:24.465Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
3/3/2020 - 16:46:24.465Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
3/3/2020 - 16:46:24.465Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
3/3/2020 - 16:46:24.559Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
3/3/2020 - 16:46:24.559Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
3/3/2020 - 16:46:24.559Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
3/3/2020 - 16:46:24.559Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
3/3/2020 - 16:46:24.653Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
3/3/2020 - 16:46:24.653Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
3/3/2020 - 16:46:24.653Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
3/3/2020 - 16:46:24.653Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\script.fon
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\script.fon
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\script.fon
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
3/3/2020 - 16:46:24.747Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
3/3/2020 - 16:46:24.840Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
3/3/2020 - 16:46:24.840Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
3/3/2020 - 16:46:24.840Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
3/3/2020 - 16:46:24.840Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
3/3/2020 - 16:46:25.12Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
3/3/2020 - 16:46:25.200Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
3/3/2020 - 16:46:25.200Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
3/3/2020 - 16:46:25.200Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
3/3/2020 - 16:46:25.293Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
3/3/2020 - 16:46:25.293Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
3/3/2020 - 16:46:25.293Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
3/3/2020 - 16:46:25.293Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
3/3/2020 - 16:46:25.387Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
3/3/2020 - 16:46:25.387Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
3/3/2020 - 16:46:25.387Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
3/3/2020 - 16:46:25.387Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
3/3/2020 - 16:46:25.481Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
3/3/2020 - 16:46:25.481Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
3/3/2020 - 16:46:25.481Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
3/3/2020 - 16:46:25.481Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
3/3/2020 - 16:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
3/3/2020 - 16:46:25.762Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
3/3/2020 - 16:46:25.762Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
3/3/2020 - 16:46:25.762Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
3/3/2020 - 16:46:25.903Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
3/3/2020 - 16:46:26.43Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
3/3/2020 - 16:46:26.43Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
3/3/2020 - 16:46:26.43Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
3/3/2020 - 16:46:26.137Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
3/3/2020 - 16:46:26.137Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
3/3/2020 - 16:46:26.137Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
3/3/2020 - 16:46:26.137Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
3/3/2020 - 16:46:26.231Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
3/3/2020 - 16:46:26.231Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
3/3/2020 - 16:46:26.231Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
3/3/2020 - 16:46:26.231Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
3/3/2020 - 16:46:26.325Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
3/3/2020 - 16:46:26.325Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
3/3/2020 - 16:46:26.325Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
3/3/2020 - 16:46:26.325Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
3/3/2020 - 16:46:26.418Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
3/3/2020 - 16:46:26.418Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
3/3/2020 - 16:46:26.418Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
3/3/2020 - 16:46:26.418Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
3/3/2020 - 16:46:26.512Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
3/3/2020 - 16:46:26.512Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
3/3/2020 - 16:46:26.512Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
3/3/2020 - 16:46:26.512Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
3/3/2020 - 16:46:26.606Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
3/3/2020 - 16:46:26.606Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
3/3/2020 - 16:46:26.606Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
3/3/2020 - 16:46:26.606Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
3/3/2020 - 16:46:26.700Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
3/3/2020 - 16:46:26.700Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
3/3/2020 - 16:46:26.700Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
3/3/2020 - 16:46:26.700Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
3/3/2020 - 16:46:26.793Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
3/3/2020 - 16:46:26.793Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
3/3/2020 - 16:46:26.793Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
3/3/2020 - 16:46:26.793Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
3/3/2020 - 16:46:26.887Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
3/3/2020 - 16:46:26.887Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
3/3/2020 - 16:46:26.887Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
3/3/2020 - 16:46:26.887Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
3/3/2020 - 16:46:26.981Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
3/3/2020 - 16:46:26.981Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
3/3/2020 - 16:46:26.981Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
3/3/2020 - 16:46:26.981Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
3/3/2020 - 16:46:27.75Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
3/3/2020 - 16:46:27.75Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
3/3/2020 - 16:46:27.75Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
3/3/2020 - 16:46:27.75Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
3/3/2020 - 16:46:27.168Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
3/3/2020 - 16:46:27.168Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
3/3/2020 - 16:46:27.168Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
3/3/2020 - 16:46:27.168Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
3/3/2020 - 16:46:27.450Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
3/3/2020 - 16:46:27.590Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
3/3/2020 - 16:46:27.590Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
3/3/2020 - 16:46:27.590Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
3/3/2020 - 16:46:27.872Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
3/3/2020 - 16:46:28.12Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
3/3/2020 - 16:46:28.12Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
3/3/2020 - 16:46:28.12Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
3/3/2020 - 16:46:28.293Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
3/3/2020 - 16:46:28.434Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
3/3/2020 - 16:46:28.434Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
3/3/2020 - 16:46:28.434Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
3/3/2020 - 16:46:28.528Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
3/3/2020 - 16:46:28.528Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
3/3/2020 - 16:46:28.528Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
3/3/2020 - 16:46:28.528Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
3/3/2020 - 16:46:28.622Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
3/3/2020 - 16:46:28.622Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
3/3/2020 - 16:46:28.622Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
3/3/2020 - 16:46:28.622Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
3/3/2020 - 16:46:28.715Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
3/3/2020 - 16:46:28.715Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
3/3/2020 - 16:46:28.715Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
3/3/2020 - 16:46:28.715Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
3/3/2020 - 16:46:28.809Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
3/3/2020 - 16:46:28.809Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
3/3/2020 - 16:46:28.809Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
3/3/2020 - 16:46:28.809Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
3/3/2020 - 16:46:28.903Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
3/3/2020 - 16:46:28.903Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
3/3/2020 - 16:46:28.903Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
3/3/2020 - 16:46:28.903Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
3/3/2020 - 16:46:28.997Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
3/3/2020 - 16:46:28.997Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
3/3/2020 - 16:46:28.997Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
3/3/2020 - 16:46:28.997Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
3/3/2020 - 16:46:29.90Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
3/3/2020 - 16:46:29.90Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
3/3/2020 - 16:46:29.90Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
3/3/2020 - 16:46:29.90Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
3/3/2020 - 16:46:29.184Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
3/3/2020 - 16:46:29.184Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
3/3/2020 - 16:46:29.184Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
3/3/2020 - 16:46:29.184Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
3/3/2020 - 16:46:29.278Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
3/3/2020 - 16:46:29.278Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
3/3/2020 - 16:46:29.278Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
3/3/2020 - 16:46:29.278Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
3/3/2020 - 16:46:29.372Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
3/3/2020 - 16:46:29.372Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
3/3/2020 - 16:46:29.372Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
3/3/2020 - 16:46:29.372Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
3/3/2020 - 16:46:29.465Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
3/3/2020 - 16:46:29.465Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
3/3/2020 - 16:46:29.465Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
3/3/2020 - 16:46:29.465Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
3/3/2020 - 16:46:29.559Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
3/3/2020 - 16:46:29.559Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
3/3/2020 - 16:46:29.606Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
3/3/2020 - 16:46:29.606Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
3/3/2020 - 16:46:29.700Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
3/3/2020 - 16:46:29.700Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
3/3/2020 - 16:46:29.700Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
3/3/2020 - 16:46:29.700Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
3/3/2020 - 16:46:29.793Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
3/3/2020 - 16:46:29.793Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
3/3/2020 - 16:46:29.793Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
3/3/2020 - 16:46:29.793Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
3/3/2020 - 16:46:29.887Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
3/3/2020 - 16:46:29.887Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
3/3/2020 - 16:46:29.887Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
3/3/2020 - 16:46:29.887Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
3/3/2020 - 16:46:29.981Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
3/3/2020 - 16:46:29.981Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
3/3/2020 - 16:46:29.981Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
3/3/2020 - 16:46:29.981Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
3/3/2020 - 16:46:30.75Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
3/3/2020 - 16:46:30.75Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
3/3/2020 - 16:46:30.75Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
3/3/2020 - 16:46:30.75Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
3/3/2020 - 16:46:30.168Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
3/3/2020 - 16:46:30.168Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
3/3/2020 - 16:46:30.168Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
3/3/2020 - 16:46:30.168Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
3/3/2020 - 16:46:30.262Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
3/3/2020 - 16:46:30.262Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
3/3/2020 - 16:46:30.262Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
3/3/2020 - 16:46:30.262Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
3/3/2020 - 16:46:30.356Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
3/3/2020 - 16:46:30.356Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
3/3/2020 - 16:46:30.356Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
3/3/2020 - 16:46:30.356Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
3/3/2020 - 16:46:30.450Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
3/3/2020 - 16:46:30.450Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
3/3/2020 - 16:46:30.450Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
3/3/2020 - 16:46:30.450Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
3/3/2020 - 16:46:30.543Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
3/3/2020 - 16:46:30.543Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
3/3/2020 - 16:46:30.543Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
3/3/2020 - 16:46:30.543Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
3/3/2020 - 16:46:30.637Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
3/3/2020 - 16:46:30.637Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
3/3/2020 - 16:46:30.637Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
3/3/2020 - 16:46:30.637Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
3/3/2020 - 16:46:30.731Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
3/3/2020 - 16:46:30.731Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
3/3/2020 - 16:46:30.731Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
3/3/2020 - 16:46:30.731Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
3/3/2020 - 16:46:30.825Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
3/3/2020 - 16:46:30.825Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
3/3/2020 - 16:46:30.825Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
3/3/2020 - 16:46:30.825Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
3/3/2020 - 16:46:30.918Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
3/3/2020 - 16:46:30.918Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
3/3/2020 - 16:46:30.918Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
3/3/2020 - 16:46:30.918Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
3/3/2020 - 16:46:31.12Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
3/3/2020 - 16:46:31.12Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
3/3/2020 - 16:46:31.12Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
3/3/2020 - 16:46:31.12Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
3/3/2020 - 16:46:31.106Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
3/3/2020 - 16:46:31.106Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
3/3/2020 - 16:46:31.106Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
3/3/2020 - 16:46:31.106Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
3/3/2020 - 16:46:31.200Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
3/3/2020 - 16:46:31.200Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
3/3/2020 - 16:46:31.200Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
3/3/2020 - 16:46:31.200Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
3/3/2020 - 16:46:31.293Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
3/3/2020 - 16:46:31.293Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
3/3/2020 - 16:46:31.293Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
3/3/2020 - 16:46:31.293Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
3/3/2020 - 16:46:31.387Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
3/3/2020 - 16:46:31.387Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
3/3/2020 - 16:46:31.387Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
3/3/2020 - 16:46:31.387Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
3/3/2020 - 16:46:31.481Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
3/3/2020 - 16:46:31.481Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
3/3/2020 - 16:46:31.481Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
3/3/2020 - 16:46:31.481Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
3/3/2020 - 16:46:31.575Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
3/3/2020 - 16:46:31.575Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
3/3/2020 - 16:46:31.575Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
3/3/2020 - 16:46:31.575Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
3/3/2020 - 16:46:31.668Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
3/3/2020 - 16:46:31.668Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
3/3/2020 - 16:46:31.668Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
3/3/2020 - 16:46:31.668Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
3/3/2020 - 16:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
3/3/2020 - 16:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
3/3/2020 - 16:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
3/3/2020 - 16:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
3/3/2020 - 16:46:31.856Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
3/3/2020 - 16:46:31.856Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
3/3/2020 - 16:46:31.856Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
3/3/2020 - 16:46:31.856Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
3/3/2020 - 16:46:31.950Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
3/3/2020 - 16:46:31.950Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
3/3/2020 - 16:46:31.950Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
3/3/2020 - 16:46:31.950Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
3/3/2020 - 16:46:32.43Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
3/3/2020 - 16:46:32.43Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
3/3/2020 - 16:46:32.43Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
3/3/2020 - 16:46:32.43Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
3/3/2020 - 16:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
3/3/2020 - 16:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
3/3/2020 - 16:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
3/3/2020 - 16:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
3/3/2020 - 16:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
3/3/2020 - 16:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
3/3/2020 - 16:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
3/3/2020 - 16:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
3/3/2020 - 16:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
3/3/2020 - 16:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
3/3/2020 - 16:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
3/3/2020 - 16:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
3/3/2020 - 16:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
3/3/2020 - 16:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
3/3/2020 - 16:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
3/3/2020 - 16:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
3/3/2020 - 16:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
3/3/2020 - 16:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
3/3/2020 - 16:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
3/3/2020 - 16:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
3/3/2020 - 16:46:32.637Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
3/3/2020 - 16:46:32.637Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
3/3/2020 - 16:46:32.637Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
3/3/2020 - 16:46:32.637Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
3/3/2020 - 16:46:32.918Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
3/3/2020 - 16:46:33.106Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
3/3/2020 - 16:46:33.106Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
3/3/2020 - 16:46:33.106Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
3/3/2020 - 16:46:33.247Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
3/3/2020 - 16:46:33.247Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
3/3/2020 - 16:46:33.247Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
3/3/2020 - 16:46:33.247Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
3/3/2020 - 16:46:33.247Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
3/3/2020 - 16:46:33.247Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
3/3/2020 - 16:46:33.247Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
3/3/2020 - 16:46:33.247Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
3/3/2020 - 16:46:33.293Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
3/3/2020 - 16:46:33.481Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
3/3/2020 - 16:46:33.481Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
3/3/2020 - 16:46:33.481Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
3/3/2020 - 16:46:33.622Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
3/3/2020 - 16:46:33.809Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
3/3/2020 - 16:46:33.809Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
3/3/2020 - 16:46:33.809Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
3/3/2020 - 16:46:33.950Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
3/3/2020 - 16:46:34.137Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
3/3/2020 - 16:46:34.137Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
3/3/2020 - 16:46:34.137Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
3/3/2020 - 16:46:34.278Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
3/3/2020 - 16:46:34.465Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 16:46:34.465Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 16:46:34.465Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 16:46:34.793Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 16:46:35.28Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 16:46:35.262Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 16:46:35.262Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 16:46:35.262Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 16:46:35.403Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 16:46:35.637Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 16:46:35.637Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 16:46:35.637Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 16:46:35.778Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 16:46:36.59Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 16:46:36.59Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 16:46:36.59Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 16:46:36.200Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 16:46:36.434Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 16:46:36.434Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 16:46:36.434Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 16:46:36.528Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 16:46:36.528Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 16:46:36.528Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 16:46:36.528Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 16:46:36.622Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 16:46:36.622Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 16:46:36.622Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 16:46:36.622Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 16:46:49.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:49.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:49.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:49.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:49.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:49.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:49.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:49.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:49.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:49.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:49.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:50.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:50.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:50.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:50.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:50.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:50.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:50.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:50.887Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll
3/3/2020 - 16:46:50.981Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:50.981Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dll
3/3/2020 - 16:46:50.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
3/3/2020 - 16:46:51.590Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
3/3/2020 - 16:46:51.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:51.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:52.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:52.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:52.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:52.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:52.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:52.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:52.434Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
3/3/2020 - 16:46:52.434Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:52.434Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
3/3/2020 - 16:46:52.434Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:52.434Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
3/3/2020 - 16:46:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:52.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:53.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:53.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:53.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:53.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:53.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:53.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:53.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:53.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:53.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:53.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:53.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:53.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:53.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:53.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:53.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:53.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:53.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:53.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 16:46:53.512Open1480C:\malware.exeC:\malware.config
3/3/2020 - 16:46:53.512Open1480C:\malware.exeC:\malware.config
3/3/2020 - 16:46:53.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:53.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:53.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:53.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
3/3/2020 - 16:46:53.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:53.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:53.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:54.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
3/3/2020 - 16:46:54.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
3/3/2020 - 16:46:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.450Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
3/3/2020 - 16:46:54.450Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
3/3/2020 - 16:46:54.450Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
3/3/2020 - 16:46:54.450Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
3/3/2020 - 16:46:54.450Open1480C:\malware.exeC:\Windows\System32\wship6.dll
3/3/2020 - 16:46:54.450Open1480C:\malware.exeC:\Windows\System32\wship6.dll
3/3/2020 - 16:46:54.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:54.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:54.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:55.12Open1480C:\malware.exeC:\Windows\System32\tzres.dll
3/3/2020 - 16:46:55.12Open1480C:\malware.exeC:\Windows\System32\tzres.dll
3/3/2020 - 16:46:55.12Open1480C:\malware.exeC:\Windows\System32\tzres.dll
3/3/2020 - 16:46:55.12Open1480C:\malware.exeC:\Windows\System32\tzres.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.28Open1480C:\malware.exeC:\malware.config
3/3/2020 - 16:46:55.28Open1480C:\malware.exeC:\pt-BR\WindowsApplication1.resources.dll
3/3/2020 - 16:46:55.28Open1480C:\malware.exeC:\pt-BR\WindowsApplication1.resources\WindowsApplication1.resources.dll
3/3/2020 - 16:46:55.28Open1480C:\malware.exeC:\pt-BR\WindowsApplication1.resources.exe
3/3/2020 - 16:46:55.28Open1480C:\malware.exeC:\pt-BR\WindowsApplication1.resources\WindowsApplication1.resources.exe
3/3/2020 - 16:46:55.28Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
3/3/2020 - 16:46:55.28Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
3/3/2020 - 16:46:55.28Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:46:55.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:46:55.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:46:55.43Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\pt\WindowsApplication1.resources.dll
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\pt\WindowsApplication1.resources\WindowsApplication1.resources.dll
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\pt\WindowsApplication1.resources.exe
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\pt\WindowsApplication1.resources\WindowsApplication1.resources.exe
3/3/2020 - 16:46:55.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:55.43Open1480C:\malware.exeC:\Program Files\Internet Explorer\mswinsck.ocx
3/3/2020 - 16:46:55.43Write1480C:\malware.exeC:\Program Files\Internet Explorer\mswinsck.ocx
3/3/2020 - 16:46:55.43Unknown1480C:\malware.exeC:\Program Files\Internet Explorer\mswinsck.ocx
3/3/2020 - 16:46:55.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:58.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:58.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:58.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:58.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:58.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:58.918Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
3/3/2020 - 16:46:58.918Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.918Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
3/3/2020 - 16:46:58.918Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.918Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.918Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.918Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
3/3/2020 - 16:46:58.918Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:46:58.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Unknown876C:\Windows\System32\regsvr32.exeC:\Monitor
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Unknown876C:\Windows\System32\regsvr32.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\Windows\symbols\dll\mscorlib.pdb
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\Windows\dll\mscorlib.pdb
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\Windows\mscorlib.pdb
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\malware.PDB
3/3/2020 - 16:46:58.934Open1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.934Read1480C:\malware.exeC:\malware.exe
3/3/2020 - 16:46:58.950Open1480C:\malware.exeC:\WindowsApplication1.pdb
3/3/2020 - 16:46:58.950Open1480C:\malware.exeC:\Windows\symbols\exe\WindowsApplication1.pdb
3/3/2020 - 16:46:58.950Open1480C:\malware.exeC:\Windows\exe\WindowsApplication1.pdb
3/3/2020 - 16:46:58.950Open1480C:\malware.exeC:\Windows\WindowsApplication1.pdb
3/3/2020 - 16:46:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:59.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:59.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 16:46:59.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:46:59.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:59.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:59.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:59.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:59.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:59.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 16:46:59.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:46:59.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
3/3/2020 - 16:47:8.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 16:49:8.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll

Process
Trace
3/3/2020 - 16:46:58.778 | Create | 1480 | C:\malware.exe | 876 | C:\Windows\System32\regsvr32.exe
3/3/2020 - 16:46:58.918 | Terminate | 1480 | C:\malware.exe | 876 | C:\Windows\System32\regsvr32.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
3/3/2020 - 16:46:9.28 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\GDIPlusFontCachePath
3/3/2020 - 16:46:55.28 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System0
3/3/2020 - 16:46:55.200 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32EnableFileTracing
3/3/2020 - 16:46:55.200 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32EnableConsoleTracing
3/3/2020 - 16:46:55.200 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32FileTracingMask
3/3/2020 - 16:46:55.200 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32ConsoleTracingMask
3/3/2020 - 16:46:55.200 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32MaxFileSize
3/3/2020 - 16:46:55.200 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32FileDirectory
3/3/2020 - 16:46:55.528 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSEnableFileTracing
3/3/2020 - 16:46:55.528 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSEnableConsoleTracing
3/3/2020 - 16:46:55.528 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSFileTracingMask
3/3/2020 - 16:46:55.528 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSConsoleTracingMask
3/3/2020 - 16:46:55.528 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSMaxFileSize
3/3/2020 - 16:46:55.528 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASMANCSFileDirectory
3/3/2020 - 16:46:58.762 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runinternet
3/3/2020 - 16:46:58.950 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID
3/3/2020 - 16:46:58.950 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID
3/3/2020 - 16:46:58.950 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\wow6432\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
3/3/2020 - 16:46:58.950 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\InprocServer32
3/3/2020 - 16:46:58.950 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\InprocServer32ThreadingModel
3/3/2020 - 16:46:58.950 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\InprocServer32
3/3/2020 - 16:46:58.950 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\InprocServer32ThreadingModel
3/3/2020 - 16:46:58.950 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query
localhost -> gateway:50273 ge.tt.
localhost -> gateway:DNS api.ge.tt.
localhost -> gateway:59829 ferramentas2015.ddns.net.
localhost -> gateway:DNS ge.tt.
localhost -> gateway:DNS ferramentas2015.ddns.net.

Response
gateway:DNS -> localhost ge.tt. 54.228.207.151

gateway:DNS -> localhost api.ge.tt. 46.51.174.223


TCP
Info
localhost:65191 -> 46.137.160.189:80
46.137.160.189:80 -> localhost:65191
localhost:65192 -> 176.34.106.42:80
176.34.106.42:80 -> localhost:65192

UDP
Info
localhost:55394 -> localhost:53
localhost:53 -> localhost:59829
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273
localhost:53 -> localhost:55394
localhost:59829 -> localhost:53

HTTP
Info
localhost GET api.ge.tt /1/files/5UswDbE2/0/blob?download
localhost GET ge.tt /api/1/files/5UswDbE2/0/blob?download
localhost GET ge.tt /5UswDbE2/v/0

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 62.42%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 98.06%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 60.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 40.33%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 87.29%
suspicious: False
