Report #8422

Binary
DLL
False
Size
179.00KB
trid
35.3% Generic CIL Executable
20.7% InstallShield setup
15.0% Win32 Executable MS Visual C++
13.3% Win64 Executable
6.3% Windows screen saver
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
e30f262284e261641dbe0c33b8b10bfd
sha1
8352df76c24a1c6684ad93aaca6cb5d4bbe21ee1
crc32
0x801d45fa
sha224
3e8091157c8f27e619b58be0383aeda3b3d079923147cc413278c0c0
sha256
26212d6ce3b3dc7d7098a7b47eebc46dbc7be6f7a630abe436f2610080f49e5f
sha384
6c95fb468cab314abde5395c1485a6c991e3edbab68567f52e908f74dd9dfafeb5568195e770ee2b1a8efc5e8e12b487
sha512
77e9456c8375e78b185f2ef0592cbb04fcb31e9e2d3fccdcf65e5eb3efcd7dfef57549979061604def9ce72274fcf2399a87fccb0a46f56116639d438d9b7882
ssdeep
3072:YzJ+lM+sEvWfROJLhfJpreQ00ws/R3b/rz3qh8stW/NK96D:/WROJNhpeBUDnqXW/g96
Community
Google
False
HashLib
False
YARA
Matches
IP, domain, HasDebugData, CRC32_poly_Constant, escalate_priv, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET, NET_executable_, win_files_operation, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, NET_executable, win_mutex, Microsoft_Visual_Studio_NET_additional, win_token, contentis_base64, NETexecutableMicrosoft, IsWindowsGUI, url, IsNET_EXE, Microsoft_Visual_C_Basic_NET, win_registry

Suspicious
True

Strings
List
http://104.238.191.166/junvs.zip
http://www.info-zip.org/UnZip.html
see ftp://ftp.info-zip.org/pub/infozip/UnZip.html for other sites.
Latest sources and executables are at ftp://ftp.info-zip.org/pub/infozip/ ;
bug reports using http://www.info-zip.org/zip-bug.html; see README for details.
C:\Users\Admin\Desktop\Lord\UACTest2\BBS\BBS\obj\x86\Release\BBS.pdb
unzip data1 -x joe => extract all files except joe from zipfile data1.zip
rezlappx.zip
My.Computer
System.IO
System.Net
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
Info-Zip <www.info-zip.org>
2005 Info-Zip <www.info-zip.org>
System.ComponentModel.Design
GNU for Win32 <gnuwin32.sourceforge.net>
BBS.My
compressed WinNT security data missing (%d bytes)%s
unzip.exe
Microsoft Windows Server 2003 family,
System.Security.Principal
BBS.My.Resources
4System.Web.Services.Protocols.SoapHttpClientProtocol
Examples (see unzip.txt for more info):
%lu file%s, %lu bytes uncompressed, %lu bytes compressed: %s%d.%d%%
15.0.0.0
13.0.0.0
15.0.0.0
15.0.0.0
file security status: %sencrypted
\\.\vwin32
[%s] %s password:
\moc.exe
compressed size: %lu bytes
uncompressed size: %lu bytes
Archive: %s
Archive: %s %ld %u
Archive: %s %ld bytes %u file%s
deflated
deflated
compression method: %s
or: unzip %s-Z%s [-12smlvChMtTz] file[.zip] [list...] [-x xlist...]
SeSecurityPrivilege
SeRestorePrivilege
10.0.0.0
8.0.0.0
4.0.0.0
UnZip %d.%d%d%s of %s, by Info-ZIP. Maintained by C. Spieler. Send
100%%
--More--(%lu)
System.Windows.Forms.Form
(%ld bytes security)
Usage: unzip %s[-opts[modifiers]] file[.zip] [list] [-x xlist] [-d exdir]
note: didn't find end-of-central-dir signature at end of central dir.
End-of-central-directory signature not found. Either this file is not
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
3System.Resources.Tools.StronglyTypedResourceBuilder
Entry Sequenced
skipping: %-22s %svolume label
No errors detected in compressed data of %s.
%s %s: %ld bytes required to uncompress to %lu bytes;
minimum software version required to extract: %u.%u
compressed EA data missing (%d bytes)%s
%s: stored in VMS format. Extract anyway? (y/n)
The 128-bit MD5 signature is %s
s have a total of
Key Sequenced
Delete
s were
shrk
may be
was
has
length of file comment: %u characters
System.Windows.Forms
shrunk
MS-DOS file attributes (%02X hex): %s%s%s%s%s%s%s%s
updated: %lu directory entries with %lu bytes security
failed: %lu directory entries with %lu bytes security
skipping: %-22s unsupported compression method %u
unknown compression method for EAs (%u)
error: expected central file header signature not found (file #%lu).
%d archive%s successfully processed.
%8sing: %-22s %s%s
labelling %s %-22s
error: unsupported extra-field compression type (%u)--skipping
32-bit CRC value (hex): %.8lx
offset of local header from start of archive: %lu (%.8lXh) bytes
error: %s%s
compression sub-type (deflation): %s
%s %s %8lu
%s: unknown compression method
extended local header: %s
%lu file%s skipped because of unsupported compression or encoding.
error: %s%s %s
This zipfile constitutes disk %u of a multi-part archive. The central
%8lu %8lu %4s %lu file%s
%s ("^" ==> case
%u data bytes (%s).
%9lu %6lu %6lu %lu file%s

Foremost
Matches
0.exe, 179 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed: 104.238.191.166, 1, 104.238.191.166.vultr.com.
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: ftp://ftp.info-zip.org/pub/infozip/, ftp://ftp.info-zip.org/pub/infozip/unzip.html, http://104.238.191.166/junvs.zip, http://www.info-zip.org/unzip.html, http://www.info-zip.org/zip-bug.html;
hasAllowed: False
hasSuspicious: True

Files
Allowed: http://104.238.191.166/junvs.zip, kernel32.dll, USER32.dll, OLE32.dll, mscoree.dll, msvcrt.dll, ADVAPI32.DLL
hasFiles: True
Suspicious: rezlappx.zip, unzip data1 -x joe => extract all files except joe from zipfile data1.zip
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 3584
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .sdata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 186750
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: kernel32.dll, user32.dll, ole32.dll, mscoree.dll, msvcrt.dll, advapi32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2015-09-27 21:16:30
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches
1314
Suspicious
True
Disassembly
hasTricks
True
Tricks
pushret
.text: 2

nopsequence
.text: 673

pushpopmath
.text: 35

ss register
.text: 1

cpuinstructionsresultscomparison
.text: 5

AVclass
banload
1
VirusTotal
md5
e30f262284e261641dbe0c33b8b10bfd
sha1
8352df76c24a1c6684ad93aaca6cb5d4bbe21ee1
SCANS (DETECTION RATE = 79.10%)
AVG
result: MSIL:Banker-DO [Trj]
update: 20180323
version: 18.2.3827.0
detected: True

CMC
update: 20180323
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20180323
version: 2017.11.15.1
detected: True

Bkav
update: 20180322
version: 1.3.0.9466
detected: False

K7GW
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26597
detected: True

ALYac
result: Trojan.GenericKD.2759216
update: 20180323
version: 1.1.1.5
detected: True

Avast
result: MSIL:Banker-DO [Trj]
update: 20180323
version: 18.2.3827.0
detected: True

Avira
result: TR/Spy.Banker.183296.2
update: 20180323
version: 8.3.3.6
detected: True

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9912
update: 20180323
version: 1.0.0.2
detected: True

Cyren
result: W32/Trojan.QZUZ-7797
update: 20180323
version: 5.4.30.7
detected: True

DrWeb
result: Trojan.Siggen6.49706
update: 20180323
version: 7.0.28.2020
detected: True

GData
result: MSIL.Trojan-Downloader.Banload.P
update: 20180323
version: A:25.16478B:25.11859
detected: True

Panda
result: Trj/CI.A
update: 20180323
version: 4.6.4.2
detected: True

VBA32
result: TrojanBanker.Banbra
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65472
detected: True

Zoner
update: 20180323
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True

ClamAV
update: 20180323
version: 0.99.2.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180323
version: 28732
detected: True

F-Prot
update: 20180323
version: 4.7.1.166
detected: False

Ikarus
result: Trojan-Downloader.MSIL.Banload
update: 20180323
version: 0.1.5.2
detected: True

McAfee
result: GenericRXCB-NF!E30F262284E2
update: 20180323
version: 6.0.6.653
detected: True

Rising
result: Downloader.Banload!8.15B (TFE:C:h8dTOeyjWLU)
update: 20180323
version: 25.0.0.1
detected: True

Sophos
result: Troj/MSIL-EKP
update: 20180323
version: 4.98.0
detected: True

Yandex
result: Trojan.DL.Banload!U3ZUTRUGkOw
update: 20180323
version: 5.5.1.3
detected: True

Zillya
result: Trojan.Banbra.Win32.24369
update: 20180323
version: 2.0.0.3519
detected: True

Arcabit
result: Trojan.Generic.D2A1A30
update: 20180323
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180323
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True

Tencent
result: Win32.Trojan.Spy.Agkt
update: 20180323
version: 1.0.0.1
detected: True

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False

eGambit
update: 20180323
version: v4.3.5
detected: False

Ad-Aware
result: Trojan.GenericKD.2759216
update: 20180323
version: 3.0.3.1010
detected: True

AegisLab
result: Troj.Banker.W32.Banbra.tihu!c
update: 20180323
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.2759216 (B)
update: 20180323
version: 4.0.2.899
detected: True

F-Secure
result: Trojan.GenericKD.2759216
update: 20180323
version: 11.0.19100.45
detected: True

Fortinet
result: MSIL/Banload.EV!tr.dldr
update: 20180323
version: 5.4.247.0
detected: True

Invincea
update: 20180121
version: 6.3.4.26036
detected: False

Jiangmin
result: Trojan.Banker.Banbra.y
update: 20180323
version: 16.0.100
detected: True

Kingsoft
update: 20180323
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180323
version: 1.0
detected: True

Symantec
result: Infostealer.Bancos
update: 20180323
version: 1.5.0.0
detected: True

nProtect
update: 20180323
version: 2018-03-23.02
detected: False

AhnLab-V3
result: Malware/Win32.Generic.C1040712
update: 20180323
version: 3.12.0.20130
detected: True

Antiy-AVL
result: Trojan[Banker]/Win32.Banbra
update: 20180323
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan.Win32.Generic
update: 20180323
version: 15.0.1.13
detected: True

Microsoft
result: TrojanDownloader:MSIL/Banload.AB
update: 20180323
version: 1.1.14600.4
detected: True

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20180323
version: 1.0.0.1120
detected: True

TheHacker
result: Trojan/Downloader.Banload.eu
update: 20180319
version: 6.8.0.5.2551
detected: True

ZoneAlarm
result: HEUR:Trojan.Win32.Generic
update: 20180323
version: 1.0
detected: True

Cybereason
result: malicious.284e26
update: 20180225
version: 1.2.27
detected: True

ESET-NOD32
result: a variant of MSIL/TrojanDownloader.Banload.EU
update: 20180323
version: 17106
detected: True

TrendMicro
result: TROJ_BANLOAD.YWNLP
update: 20180323
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180223
detected: False

BitDefender
result: Trojan.GenericKD.2759216
update: 20180323
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_90% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26598
detected: True

SentinelOne
result: static engine - malicious
update: 20180225
version: 1.0.15.206
detected: True

Avast-Mobile
update: 20180323
version: 180323-04
detected: False

Malwarebytes
result: Trojan.Banker.LRD
update: 20180323
version: 2.1.1.1115
detected: True

TotalDefense
update: 20180323
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: TrojanDownloader.Banload
update: 20180323
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Banbra.dxjiow
update: 20180323
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.2759216
update: 20180323
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180323
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: GenericRXCB-NF!E30F262284E2
update: 20180323
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_BANLOAD.YWNLP
update: 20180323
version: 9.950.0.1006
detected: True

total
67
sha256
26212d6ce3b3dc7d7098a7b47eebc46dbc7be6f7a630abe436f2610080f49e5f
scan_id
26212d6ce3b3dc7d7098a7b47eebc46dbc7be6f7a630abe436f2610080f49e5f-1521830180
resource
e30f262284e261641dbe0c33b8b10bfd
positives
53
scan_date
2018-03-23 18:36:20
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 18:45:47.887Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:45:47.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/3/2020 - 18:45:47.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/3/2020 - 18:45:47.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/3/2020 - 18:45:47.903Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 18:45:47.903Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 18:45:47.903Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 18:45:47.903Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 18:45:47.903Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/3/2020 - 18:45:47.903Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:47.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:48.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:48.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:48.106Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/3/2020 - 18:45:48.247Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.247Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/3/2020 - 18:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:48.747Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/3/2020 - 18:45:48.903Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:48.903Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/3/2020 - 18:45:48.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:48.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:48.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:49.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:50.497Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/3/2020 - 18:45:50.684Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/3/2020 - 18:45:50.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:51.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:51.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:51.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/3/2020 - 18:45:51.434Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/3/2020 - 18:45:51.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:51.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:51.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:51.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:51.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:51.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:51.715Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 18:45:51.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 18:45:51.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:52.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:45:52.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:52.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:52.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/3/2020 - 18:45:52.934Open1480C:\malware.exeC:\VERSION.dll
3/3/2020 - 18:45:52.934Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
3/3/2020 - 18:45:52.934Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
3/3/2020 - 18:45:52.934Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 18:45:52.934Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:52.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:52.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 18:45:52.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:52.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:45:53.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:53.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:53.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:53.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:53.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:53.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:53.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:45:53.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:45:53.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:53.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:53.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:45:53.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:45:53.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:45:53.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:2.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:2.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:2.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:2.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:46:2.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:46:2.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:2.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:2.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:2.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:46:2.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:2.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 18:46:2.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:2.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:2.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:2.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:2.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:3.12Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/3/2020 - 18:46:3.12Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 18:46:3.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/3/2020 - 18:46:3.12Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/3/2020 - 18:46:3.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/3/2020 - 18:46:3.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\ShFolder.DLL
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:46:3.59Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 18:46:3.59Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:46:3.59Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 18:46:3.59Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:3.59Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:3.59Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
3/3/2020 - 18:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
3/3/2020 - 18:46:3.75Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
3/3/2020 - 18:46:3.75Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
3/3/2020 - 18:46:3.75Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 18:46:3.75Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 18:46:3.75Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 18:46:3.215Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 18:46:3.637Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 18:46:3.684Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 18:46:3.731Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 18:46:3.731Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
3/3/2020 - 18:46:3.731Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
3/3/2020 - 18:46:3.731Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
3/3/2020 - 18:46:3.872Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
3/3/2020 - 18:46:3.918Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
3/3/2020 - 18:46:3.918Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
3/3/2020 - 18:46:3.918Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
3/3/2020 - 18:46:4.12Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
3/3/2020 - 18:46:4.59Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
3/3/2020 - 18:46:4.59Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
3/3/2020 - 18:46:4.59Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
3/3/2020 - 18:46:4.200Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
3/3/2020 - 18:46:4.247Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
3/3/2020 - 18:46:4.247Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
3/3/2020 - 18:46:4.247Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
3/3/2020 - 18:46:4.387Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
3/3/2020 - 18:46:4.434Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
3/3/2020 - 18:46:4.434Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
3/3/2020 - 18:46:4.434Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
3/3/2020 - 18:46:4.528Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
3/3/2020 - 18:46:4.528Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
3/3/2020 - 18:46:4.528Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
3/3/2020 - 18:46:4.528Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
3/3/2020 - 18:46:4.622Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
3/3/2020 - 18:46:4.622Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
3/3/2020 - 18:46:4.622Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
3/3/2020 - 18:46:4.622Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
3/3/2020 - 18:46:4.715Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
3/3/2020 - 18:46:4.715Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
3/3/2020 - 18:46:4.715Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
3/3/2020 - 18:46:4.715Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
3/3/2020 - 18:46:4.856Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
3/3/2020 - 18:46:4.856Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
3/3/2020 - 18:46:4.856Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
3/3/2020 - 18:46:4.856Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
3/3/2020 - 18:46:4.997Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
3/3/2020 - 18:46:5.43Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
3/3/2020 - 18:46:5.43Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
3/3/2020 - 18:46:5.43Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
3/3/2020 - 18:46:5.137Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
3/3/2020 - 18:46:5.184Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
3/3/2020 - 18:46:5.184Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
3/3/2020 - 18:46:5.184Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
3/3/2020 - 18:46:5.278Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
3/3/2020 - 18:46:5.278Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
3/3/2020 - 18:46:5.278Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
3/3/2020 - 18:46:5.278Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
3/3/2020 - 18:46:5.372Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
3/3/2020 - 18:46:5.372Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 18:46:5.372Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 18:46:5.372Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 18:46:5.934Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 18:46:6.356Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 18:46:6.403Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 18:46:6.450Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 18:46:6.450Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
3/3/2020 - 18:46:6.450Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
3/3/2020 - 18:46:6.450Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
3/3/2020 - 18:46:6.543Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
3/3/2020 - 18:46:6.543Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
3/3/2020 - 18:46:6.543Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
3/3/2020 - 18:46:6.543Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
3/3/2020 - 18:46:6.684Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
3/3/2020 - 18:46:6.684Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
3/3/2020 - 18:46:6.684Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
3/3/2020 - 18:46:6.684Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
3/3/2020 - 18:46:6.778Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
3/3/2020 - 18:46:6.778Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
3/3/2020 - 18:46:6.778Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
3/3/2020 - 18:46:6.778Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
3/3/2020 - 18:46:6.872Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
3/3/2020 - 18:46:6.918Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
3/3/2020 - 18:46:6.918Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
3/3/2020 - 18:46:6.918Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
3/3/2020 - 18:46:7.12Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
3/3/2020 - 18:46:7.59Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
3/3/2020 - 18:46:7.59Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
3/3/2020 - 18:46:7.59Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
3/3/2020 - 18:46:7.153Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
3/3/2020 - 18:46:7.153Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
3/3/2020 - 18:46:7.153Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
3/3/2020 - 18:46:7.153Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
3/3/2020 - 18:46:7.247Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
3/3/2020 - 18:46:7.247Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
3/3/2020 - 18:46:7.247Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
3/3/2020 - 18:46:7.247Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
3/3/2020 - 18:46:7.340Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
3/3/2020 - 18:46:7.387Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
3/3/2020 - 18:46:7.387Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
3/3/2020 - 18:46:7.387Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
3/3/2020 - 18:46:7.481Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
3/3/2020 - 18:46:7.528Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
3/3/2020 - 18:46:7.528Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
3/3/2020 - 18:46:7.528Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
3/3/2020 - 18:46:7.622Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
3/3/2020 - 18:46:7.622Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
3/3/2020 - 18:46:7.622Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
3/3/2020 - 18:46:7.622Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
3/3/2020 - 18:46:7.715Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
3/3/2020 - 18:46:7.715Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
3/3/2020 - 18:46:7.715Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
3/3/2020 - 18:46:7.715Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
3/3/2020 - 18:46:7.809Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
3/3/2020 - 18:46:7.809Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
3/3/2020 - 18:46:7.809Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
3/3/2020 - 18:46:7.809Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
3/3/2020 - 18:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
3/3/2020 - 18:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
3/3/2020 - 18:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
3/3/2020 - 18:46:7.903Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
3/3/2020 - 18:46:7.997Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
3/3/2020 - 18:46:8.43Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
3/3/2020 - 18:46:8.43Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
3/3/2020 - 18:46:8.43Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
3/3/2020 - 18:46:8.325Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
3/3/2020 - 18:46:8.465Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
3/3/2020 - 18:46:8.465Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
3/3/2020 - 18:46:8.465Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
3/3/2020 - 18:46:8.747Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
3/3/2020 - 18:46:8.887Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
3/3/2020 - 18:46:8.887Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
3/3/2020 - 18:46:8.887Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
3/3/2020 - 18:46:9.28Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
3/3/2020 - 18:46:9.75Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
3/3/2020 - 18:46:9.75Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
3/3/2020 - 18:46:9.75Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
3/3/2020 - 18:46:9.168Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
3/3/2020 - 18:46:9.215Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
3/3/2020 - 18:46:9.215Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
3/3/2020 - 18:46:9.215Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
3/3/2020 - 18:46:9.872Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
3/3/2020 - 18:46:10.575Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
3/3/2020 - 18:46:10.950Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
3/3/2020 - 18:46:11.418Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
3/3/2020 - 18:46:11.793Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
3/3/2020 - 18:46:11.793Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
3/3/2020 - 18:46:11.793Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
3/3/2020 - 18:46:12.450Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
3/3/2020 - 18:46:13.153Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
3/3/2020 - 18:46:13.528Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
3/3/2020 - 18:46:13.950Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
3/3/2020 - 18:46:14.325Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
3/3/2020 - 18:46:14.325Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
3/3/2020 - 18:46:14.325Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
3/3/2020 - 18:46:14.512Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
3/3/2020 - 18:46:14.559Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
3/3/2020 - 18:46:14.559Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
3/3/2020 - 18:46:14.559Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
3/3/2020 - 18:46:14.887Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
3/3/2020 - 18:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
3/3/2020 - 18:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
3/3/2020 - 18:46:15.215Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
3/3/2020 - 18:46:15.543Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
3/3/2020 - 18:46:15.825Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
3/3/2020 - 18:46:15.825Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
3/3/2020 - 18:46:15.825Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
3/3/2020 - 18:46:16.200Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
3/3/2020 - 18:46:16.575Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
3/3/2020 - 18:46:16.575Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
3/3/2020 - 18:46:16.575Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
3/3/2020 - 18:46:16.997Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
3/3/2020 - 18:46:17.325Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
3/3/2020 - 18:46:17.325Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
3/3/2020 - 18:46:17.325Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
3/3/2020 - 18:46:17.840Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
3/3/2020 - 18:46:18.215Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
3/3/2020 - 18:46:18.215Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
3/3/2020 - 18:46:18.215Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
3/3/2020 - 18:46:18.215Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
3/3/2020 - 18:46:18.215Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
3/3/2020 - 18:46:18.731Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
3/3/2020 - 18:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
3/3/2020 - 18:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
3/3/2020 - 18:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
3/3/2020 - 18:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
3/3/2020 - 18:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
3/3/2020 - 18:46:19.340Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
3/3/2020 - 18:46:19.434Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
3/3/2020 - 18:46:19.434Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
3/3/2020 - 18:46:19.434Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
3/3/2020 - 18:46:19.856Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
3/3/2020 - 18:46:20.184Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
3/3/2020 - 18:46:20.325Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
3/3/2020 - 18:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
3/3/2020 - 18:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
3/3/2020 - 18:46:20.465Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
3/3/2020 - 18:46:20.840Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
3/3/2020 - 18:46:21.168Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
3/3/2020 - 18:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
3/3/2020 - 18:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
3/3/2020 - 18:46:21.262Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
3/3/2020 - 18:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
3/3/2020 - 18:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
3/3/2020 - 18:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
3/3/2020 - 18:46:21.356Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
3/3/2020 - 18:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
3/3/2020 - 18:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
3/3/2020 - 18:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
3/3/2020 - 18:46:21.450Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
3/3/2020 - 18:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
3/3/2020 - 18:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
3/3/2020 - 18:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
3/3/2020 - 18:46:21.543Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
3/3/2020 - 18:46:21.684Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
3/3/2020 - 18:46:21.778Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
3/3/2020 - 18:46:21.778Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
3/3/2020 - 18:46:21.778Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
3/3/2020 - 18:46:21.918Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
3/3/2020 - 18:46:21.965Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
3/3/2020 - 18:46:21.965Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
3/3/2020 - 18:46:21.965Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
3/3/2020 - 18:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
3/3/2020 - 18:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
3/3/2020 - 18:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
3/3/2020 - 18:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
3/3/2020 - 18:46:22.200Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
3/3/2020 - 18:46:22.200Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
3/3/2020 - 18:46:22.200Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
3/3/2020 - 18:46:22.200Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
3/3/2020 - 18:46:22.293Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
3/3/2020 - 18:46:22.293Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
3/3/2020 - 18:46:22.293Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
3/3/2020 - 18:46:22.293Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
3/3/2020 - 18:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
3/3/2020 - 18:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
3/3/2020 - 18:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
3/3/2020 - 18:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
3/3/2020 - 18:46:22.528Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
3/3/2020 - 18:46:22.668Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
3/3/2020 - 18:46:22.668Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
3/3/2020 - 18:46:22.668Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
3/3/2020 - 18:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
3/3/2020 - 18:46:22.950Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
3/3/2020 - 18:46:22.950Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
3/3/2020 - 18:46:22.950Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
3/3/2020 - 18:46:22.950Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
3/3/2020 - 18:46:22.950Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
3/3/2020 - 18:46:22.950Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
3/3/2020 - 18:46:22.950Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
3/3/2020 - 18:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
3/3/2020 - 18:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
3/3/2020 - 18:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
3/3/2020 - 18:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
3/3/2020 - 18:46:23.43Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
3/3/2020 - 18:46:23.43Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
3/3/2020 - 18:46:23.43Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
3/3/2020 - 18:46:23.43Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
3/3/2020 - 18:46:23.184Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
3/3/2020 - 18:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
3/3/2020 - 18:46:23.418Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
3/3/2020 - 18:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
3/3/2020 - 18:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
3/3/2020 - 18:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
3/3/2020 - 18:46:23.606Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
3/3/2020 - 18:46:23.700Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
3/3/2020 - 18:46:23.700Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
3/3/2020 - 18:46:23.700Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
3/3/2020 - 18:46:23.793Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
3/3/2020 - 18:46:23.887Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
3/3/2020 - 18:46:23.887Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
3/3/2020 - 18:46:23.887Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
3/3/2020 - 18:46:23.887Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
3/3/2020 - 18:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
3/3/2020 - 18:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
3/3/2020 - 18:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
3/3/2020 - 18:46:38.590Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
3/3/2020 - 18:46:38.778Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 18:46:38.778Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 18:46:38.778Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 18:46:39.106Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 18:46:39.340Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 18:46:39.622Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 18:46:39.622Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 18:46:39.622Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 18:46:39.762Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 18:46:39.997Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 18:46:39.997Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 18:46:39.997Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 18:46:40.137Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 18:46:40.465Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 18:46:40.465Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 18:46:40.465Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 18:46:40.606Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 18:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 18:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 18:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 18:46:40.934Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 18:46:40.934Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 18:46:40.934Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 18:46:40.934Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 18:46:41.28Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 18:46:41.28Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 18:46:41.28Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 18:46:41.28Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 18:46:41.122Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 18:46:41.122Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
3/3/2020 - 18:46:41.122Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
3/3/2020 - 18:46:41.122Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
3/3/2020 - 18:46:41.215Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
3/3/2020 - 18:46:41.215Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
3/3/2020 - 18:46:41.215Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
3/3/2020 - 18:46:41.215Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
3/3/2020 - 18:46:41.215Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
3/3/2020 - 18:46:41.215Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
3/3/2020 - 18:46:41.215Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
3/3/2020 - 18:46:41.215Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
3/3/2020 - 18:46:41.309Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
3/3/2020 - 18:46:41.309Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
3/3/2020 - 18:46:41.309Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
3/3/2020 - 18:46:41.309Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
3/3/2020 - 18:46:41.450Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
3/3/2020 - 18:46:41.497Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
3/3/2020 - 18:46:41.497Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
3/3/2020 - 18:46:41.497Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
3/3/2020 - 18:46:41.637Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
3/3/2020 - 18:46:41.684Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
3/3/2020 - 18:46:41.684Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
3/3/2020 - 18:46:41.684Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
3/3/2020 - 18:46:41.825Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
3/3/2020 - 18:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
3/3/2020 - 18:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
3/3/2020 - 18:46:41.872Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
3/3/2020 - 18:46:42.12Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
3/3/2020 - 18:46:42.59Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
3/3/2020 - 18:46:42.59Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
3/3/2020 - 18:46:42.59Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
3/3/2020 - 18:46:42.153Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
3/3/2020 - 18:46:42.247Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
3/3/2020 - 18:46:42.247Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
3/3/2020 - 18:46:42.247Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
3/3/2020 - 18:46:42.340Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
3/3/2020 - 18:46:42.434Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
3/3/2020 - 18:46:42.434Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
3/3/2020 - 18:46:42.434Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
3/3/2020 - 18:46:42.528Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
3/3/2020 - 18:46:42.622Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
3/3/2020 - 18:46:42.622Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
3/3/2020 - 18:46:42.622Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
3/3/2020 - 18:46:42.715Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
3/3/2020 - 18:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
3/3/2020 - 18:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
3/3/2020 - 18:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
3/3/2020 - 18:46:42.903Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
3/3/2020 - 18:46:42.997Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
3/3/2020 - 18:46:42.997Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
3/3/2020 - 18:46:42.997Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
3/3/2020 - 18:46:43.90Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
3/3/2020 - 18:46:43.137Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
3/3/2020 - 18:46:43.137Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
3/3/2020 - 18:46:43.137Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
3/3/2020 - 18:46:43.231Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
3/3/2020 - 18:46:43.278Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
3/3/2020 - 18:46:43.278Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
3/3/2020 - 18:46:43.278Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
3/3/2020 - 18:46:43.372Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
3/3/2020 - 18:46:43.418Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
3/3/2020 - 18:46:43.418Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
3/3/2020 - 18:46:43.418Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
3/3/2020 - 18:46:43.512Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
3/3/2020 - 18:46:43.512Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
3/3/2020 - 18:46:43.512Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
3/3/2020 - 18:46:43.512Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
3/3/2020 - 18:46:43.606Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
3/3/2020 - 18:46:43.606Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
3/3/2020 - 18:46:43.606Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
3/3/2020 - 18:46:43.606Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
3/3/2020 - 18:46:43.747Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
3/3/2020 - 18:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
3/3/2020 - 18:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
3/3/2020 - 18:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
3/3/2020 - 18:46:45.434Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
3/3/2020 - 18:46:45.434Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
3/3/2020 - 18:46:45.434Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
3/3/2020 - 18:46:45.434Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
3/3/2020 - 18:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
3/3/2020 - 18:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
3/3/2020 - 18:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
3/3/2020 - 18:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
3/3/2020 - 18:46:45.622Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
3/3/2020 - 18:46:45.622Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
3/3/2020 - 18:46:45.622Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
3/3/2020 - 18:46:45.622Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
3/3/2020 - 18:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
3/3/2020 - 18:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
3/3/2020 - 18:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
3/3/2020 - 18:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
3/3/2020 - 18:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
3/3/2020 - 18:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
3/3/2020 - 18:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
3/3/2020 - 18:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
3/3/2020 - 18:46:45.997Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
3/3/2020 - 18:46:45.997Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
3/3/2020 - 18:46:45.997Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
3/3/2020 - 18:46:45.997Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
3/3/2020 - 18:46:46.137Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
3/3/2020 - 18:46:46.137Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
3/3/2020 - 18:46:46.137Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
3/3/2020 - 18:46:46.137Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
3/3/2020 - 18:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
3/3/2020 - 18:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
3/3/2020 - 18:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
3/3/2020 - 18:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
3/3/2020 - 18:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
3/3/2020 - 18:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
3/3/2020 - 18:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
3/3/2020 - 18:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
3/3/2020 - 18:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
3/3/2020 - 18:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
3/3/2020 - 18:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
3/3/2020 - 18:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
3/3/2020 - 18:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
3/3/2020 - 18:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
3/3/2020 - 18:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
3/3/2020 - 18:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
3/3/2020 - 18:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
3/3/2020 - 18:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
3/3/2020 - 18:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
3/3/2020 - 18:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
3/3/2020 - 18:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
3/3/2020 - 18:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
3/3/2020 - 18:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
3/3/2020 - 18:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
3/3/2020 - 18:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
3/3/2020 - 18:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
3/3/2020 - 18:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
3/3/2020 - 18:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
3/3/2020 - 18:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
3/3/2020 - 18:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
3/3/2020 - 18:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
3/3/2020 - 18:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
3/3/2020 - 18:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
3/3/2020 - 18:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
3/3/2020 - 18:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
3/3/2020 - 18:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
3/3/2020 - 18:46:47.262Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
3/3/2020 - 18:46:47.262Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
3/3/2020 - 18:46:47.262Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
3/3/2020 - 18:46:47.262Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
3/3/2020 - 18:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
3/3/2020 - 18:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
3/3/2020 - 18:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
3/3/2020 - 18:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
3/3/2020 - 18:46:47.497Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
3/3/2020 - 18:46:47.497Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
3/3/2020 - 18:46:47.497Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.543Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.590Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.637Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
3/3/2020 - 18:46:47.637Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.684Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.731Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.778Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.825Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.872Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.918Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.965Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
3/3/2020 - 18:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
3/3/2020 - 18:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
3/3/2020 - 18:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
3/3/2020 - 18:46:48.106Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:48.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:48.481Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:48.481Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:48.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
3/3/2020 - 18:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
3/3/2020 - 18:46:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:48.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:46:48.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:46:48.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:46:48.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:46:48.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:48.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:48.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:49.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:49.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:49.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:49.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:49.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:49.278Open1480C:\malware.exeC:\dwmapi.dll
3/3/2020 - 18:46:49.278Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
3/3/2020 - 18:46:49.278Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
3/3/2020 - 18:46:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:49.325Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
3/3/2020 - 18:46:49.325Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 18:46:49.325Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/3/2020 - 18:46:49.325Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/3/2020 - 18:46:49.325Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/3/2020 - 18:46:49.325Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/3/2020 - 18:46:49.325Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/3/2020 - 18:46:49.325Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
3/3/2020 - 18:46:49.325Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:46:49.340Open1480C:\malware.exeC:\shfolder.dll
3/3/2020 - 18:46:49.340Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
3/3/2020 - 18:46:49.340Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
3/3/2020 - 18:46:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 18:47:24.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\crx.exe
3/3/2020 - 18:47:24.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:24.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:24.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:47:24.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:47:24.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:47:24.606Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:47:24.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:47:32.700Open1480C:\malware.exeC:\Windows\SysWOW64\credssp.dll
3/3/2020 - 18:47:32.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:32.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:32.793Open1480C:\malware.exeC:\IPHLPAPI.DLL
3/3/2020 - 18:47:32.793Open1480C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/3/2020 - 18:47:32.793Open1480C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/3/2020 - 18:47:32.793Open1480C:\malware.exeC:\WINNSI.DLL
3/3/2020 - 18:47:32.793Open1480C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
3/3/2020 - 18:47:32.793Open1480C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
3/3/2020 - 18:47:32.793Open1480C:\malware.exeC:\dhcpcsvc6.DLL
3/3/2020 - 18:47:32.793Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
3/3/2020 - 18:47:32.793Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
3/3/2020 - 18:47:32.793Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
3/3/2020 - 18:47:32.793Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
3/3/2020 - 18:47:32.840Open1480C:\malware.exeC:\dhcpcsvc.DLL
3/3/2020 - 18:47:32.840Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
3/3/2020 - 18:47:32.840Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
3/3/2020 - 18:47:32.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:32.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:32.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:33.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\CRYPTSP.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\RpcRtRemote.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/3/2020 - 18:47:33.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/3/2020 - 18:47:33.168Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/3/2020 - 18:47:33.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/3/2020 - 18:47:33.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:33.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:33.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:33.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
3/3/2020 - 18:47:33.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:33.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:33.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/3/2020 - 18:47:54.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
3/3/2020 - 18:47:54.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/3/2020 - 18:47:54.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
3/3/2020 - 18:47:54.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
3/3/2020 - 18:47:54.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\rezlappx.zip
3/3/2020 - 18:47:54.340Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
3/3/2020 - 18:47:54.340Delete1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\rezlappx.zip
3/3/2020 - 18:47:54.340Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\rezlappx.zip
3/3/2020 - 18:47:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:47:54.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 18:47:54.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\moc.exe
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\pt-BR\BBS.resources.dll
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\pt-BR\BBS.resources\BBS.resources.dll
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\pt-BR\BBS.resources.exe
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\pt-BR\BBS.resources\BBS.resources.exe
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 18:47:54.356Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 18:47:54.356Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 18:47:54.356Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/3/2020 - 18:47:54.356Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/3/2020 - 18:47:54.372Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
3/3/2020 - 18:47:54.372Open1480C:\malware.exeC:\pt\BBS.resources.dll
3/3/2020 - 18:47:54.372Open1480C:\malware.exeC:\pt\BBS.resources\BBS.resources.dll
3/3/2020 - 18:47:54.372Open1480C:\malware.exeC:\pt\BBS.resources.exe
3/3/2020 - 18:47:54.372Open1480C:\malware.exeC:\pt\BBS.resources\BBS.resources.exe
3/3/2020 - 18:47:54.372Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\moc.exe
3/3/2020 - 18:47:54.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\moc.exe
3/3/2020 - 18:47:54.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 18:47:54.372Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
3/3/2020 - 18:47:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
3/3/2020 - 18:47:54.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\PROPSYS.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/3/2020 - 18:47:54.418Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\apphelp.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.418Unknown1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.418Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows
3/3/2020 - 18:47:54.418Unknown1480C:\malware.exeC:\Windows
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.418Unknown1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.418Unknown1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.418Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.434Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.434Unknown1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/3/2020 - 18:47:54.434Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/3/2020 - 18:47:54.434Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/3/2020 - 18:47:54.434Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/3/2020 - 18:47:54.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
3/3/2020 - 18:47:54.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.450Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\desktop.ini
3/3/2020 - 18:47:54.450Read1480C:\malware.exeC:\Users\desktop.ini
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.450Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.450Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot\AppData
3/3/2020 - 18:47:54.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
3/3/2020 - 18:47:54.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
3/3/2020 - 18:47:54.450Open1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
3/3/2020 - 18:47:54.450Read1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
3/3/2020 - 18:47:54.465Read1480C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
3/3/2020 - 18:47:54.465Read1480C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
3/3/2020 - 18:47:54.465Read1480C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
3/3/2020 - 18:47:54.465Read1480C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
3/3/2020 - 18:47:54.465Read1480C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot\Music\desktop.ini
3/3/2020 - 18:47:54.465Read1480C:\malware.exeC:\Users\Behemot\Music\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
3/3/2020 - 18:47:54.465Read1480C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
3/3/2020 - 18:47:54.465Read1480C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\Users\Behemot\Links\desktop.ini
3/3/2020 - 18:47:54.465Read1480C:\malware.exeC:\Users\Behemot\Links\desktop.ini
3/3/2020 - 18:47:54.465Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.465Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.481Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.481Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
3/3/2020 - 18:47:54.481Read1480C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.481Unknown1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.481Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows
3/3/2020 - 18:47:54.481Unknown1480C:\malware.exeC:\Windows
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.481Unknown1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.481Unknown1480C:\malware.exeC:\Windows\SysWOW64
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.481Read1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.481Read1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.559Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.559Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.559Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\
3/3/2020 - 18:47:54.700Unknown1480C:\malware.exeC:\
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.700Unknown1480C:\malware.exeC:\Users
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\Windows\System32\propsys.dll
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
3/3/2020 - 18:47:54.700Open1480C:\malware.exeC:\Windows\System32\propsys.dll
3/3/2020 - 18:47:54.793Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
3/3/2020 - 18:47:54.793Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
3/3/2020 - 18:47:54.793Open1480C:\malware.exeC:\Secur32.dll
3/3/2020 - 18:47:54.793Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
3/3/2020 - 18:47:54.793Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
3/3/2020 - 18:47:54.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/3/2020 - 18:47:54.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/3/2020 - 18:47:54.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\moc.exe
3/3/2020 - 18:47:54.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\moc.exe

Process
Trace
3/3/2020 - 18:47:54.793 | Create | 1480 | C:\malware.exe | 2512 | C:\Users\Behemot\AppData\Roaming\moc.exe
3/3/2020 - 18:47:55.137 | Terminate | 1480 | C:\malware.exe | 2512 | C:\Users\Behemot\AppData\Roaming\moc.exe

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace
3/3/2020 - 18:46:3.59 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\GDIPlus | FontCachePath
3/3/2020 - 18:47:24.372 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA
3/3/2020 - 18:47:32.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | EnableFileTracing
3/3/2020 - 18:47:32.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | EnableConsoleTracing
3/3/2020 - 18:47:32.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | FileTracingMask
3/3/2020 - 18:47:32.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | ConsoleTracingMask
3/3/2020 - 18:47:32.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | MaxFileSize
3/3/2020 - 18:47:32.575 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | FileDirectory
3/3/2020 - 18:47:32.637 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | EnableFileTracing
3/3/2020 - 18:47:32.637 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | EnableConsoleTracing
3/3/2020 - 18:47:32.637 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | FileTracingMask
3/3/2020 - 18:47:32.637 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | ConsoleTracingMask
3/3/2020 - 18:47:32.637 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | MaxFileSize
3/3/2020 - 18:47:32.637 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | FileDirectory
3/3/2020 - 18:47:54.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/3/2020 - 18:47:54.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/3/2020 - 18:47:54.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/3/2020 - 18:47:54.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/3/2020 - 18:47:54.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/3/2020 - 18:47:54.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/3/2020 - 18:47:54.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/3/2020 - 18:47:54.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:50273 | dns.msftncsi.com.
localhost -> gateway:DNS | dns.msftncsi.com.

Response
gateway:DNS -> localhost | dns.msftncsi.com. | 131.107.255.255


TCP
Info
localhost:65191 -> 104.238.191.166:80

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
True

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 59.13%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 65.45%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 58.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 39.60%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.84%
suspicious: False
