Report #8432

Binary
DLL
False
Size
580.26KB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
5f6fdd8bfbe18960aefe45ba25fe417f
sha1
1dee3b931d012e2e5abd27f9599ef19c2663f6bd
crc32
0x3c44ac3
sha224
f8f988d62d22dbc1bc957d293b6701c1832c1e970d7eb543f240151a
sha256
2884861eca60ffe1894ca03b81d6580e784710ec0fa77a49963ecab856606be0
sha384
3561a7e8fc6db69ba450498a222a3fd2456e9dda555538f1d5e2cd3659f5dec6b7a7d719b784f59dd0d7d3dbdd035afc
sha512
f3cc03a5212e0e6c8492bef8dc81b8b2b79e98905dfb126d0dae2cbb526f979b63dcf808b498d2357c2cebc58995313424204d05664ceeebf82cdac1cf86c292
ssdeep
12288:kktKAdSWLGPyCkoKOjrm8Uy0shvQMEResb3Zf8WJ4riwawc7E:kktKAdSWzCr528UhE
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, HasDigitalSignature, Microsoft_Visual_Studio_NET_additional, screenshot, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_Studio_NET, IsPacked, HasOverlay, NET_executable_, url, domain, IsPE32, Qemu_Detection, IsWindowsGUI

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 578 KB, 202.png, 251 KB, 935.png, 10 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed: 2.8.5.3, 1, anantes-650-1-208-3.w2-8.abo.wanadoo.fr.
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed: http://www.w3.org/2001/xmlschema-instance
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Files
Allowed: UxTheme.dll, dwmapi.dll, mscoree.dll, gdi32.dll, xinput1_3.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 114688
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 647846
Suspicious: False

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 484830
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: uxtheme.dll, dwmapi.dll, mscoree.dll, gdi32.dll
hasLibs: True
Suspicious: xinput1_3.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2015-07-31 01:24:59
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 16
.text: 141

pushpopmath
.rsrc: 2
.text: 109

ss register
.text: 4

garbagebytes
.rsrc: 11
.text: 58

hookdetection
.text: 2

software breakpoint
.text: 4

fakeconditionaljumps
.text: 4

programcontrolflowchange
.rsrc: 11
.text: 54

cpuinstructionsresultscomparison
.rsrc: 4
.text: 7

AVclass
skeeyah
1
VirusTotal
md5
5f6fdd8bfbe18960aefe45ba25fe417f
sha1
1dee3b931d012e2e5abd27f9599ef19c2663f6bd
SCANS (DETECTION RATE = 66.67%)
AVG
result: MSIL:GenMalicious-FAA [Trj]
update: 20180325
version: 18.2.3827.0
detected: True

CMC
update: 20180324
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20180325
version: 2017.11.15.1
detected: True

Bkav
update: 20180325
version: 1.3.0.9466
detected: False

K7GW
result: Trojan ( 004c949c1 )
update: 20180325
version: 10.42.26601
detected: True

ALYac
result: Trojan.GenericKD.2609392
update: 20180325
version: 1.1.1.5
detected: True

Avast
result: MSIL:GenMalicious-FAA [Trj]
update: 20180325
version: 18.2.3827.0
detected: True

Avira
result: TR/Dropper.MSIL.177277
update: 20180324
version: 8.3.3.6
detected: True

Baidu
update: 20180323
version: 1.0.0.2
detected: False

Cyren
result: W32/Trojan.KYFR-7922
update: 20180325
version: 5.4.30.7
detected: True

DrWeb
result: Trojan.DownLoader15.21711
update: 20180325
version: 7.0.28.2020
detected: True

GData
result: Trojan.GenericKD.2609392
update: 20180325
version: A:25.16495B:25.11872
detected: True

Panda
result: PUP/Multitoolbar
update: 20180324
version: 4.6.4.2
detected: True

VBA32
result: Trojan.MSIL.Inject
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180325
version: 65508
detected: True

Zoner
update: 20180325
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180325
version: 1.5.0.42
detected: True

ClamAV
update: 20180325
version: 0.99.2.0
detected: False

Comodo
update: 20180325
detected: False

F-Prot
update: 20180325
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.MSIL.Crypt
update: 20180324
version: 0.1.5.2
detected: True

McAfee
result: Artemis!5F6FDD8BFBE1
update: 20180325
version: 6.0.6.653
detected: True

Rising
update: 20180325
version: 25.0.0.1
detected: False

Sophos
result: Troj/MSIL-DWP
update: 20180325
version: 4.98.0
detected: True

Yandex
result: Trojan.Inject!3h8LELuUTv0
update: 20180324
version: 5.5.1.3
detected: True

Alibaba
update: 20180327
version: 1.0
detected: False

Arcabit
result: Trojan.Generic.D27D0F0
update: 20180325
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180325
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True

Tencent
result: Win32.Trojan.Falsesign.Sysl
update: 20180325
version: 1.0.0.1
detected: True

ViRobot
update: 20180324
version: 2014.3.20.0
detected: False

eGambit
update: 20180325
version: v4.3.5
detected: False

Ad-Aware
result: Trojan.GenericKD.2609392
update: 20180325
version: 3.0.3.1010
detected: True

AegisLab
result: Troj.MSIL.Inject.chlc!c
update: 20180325
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.2609392 (B)
update: 20180325
version: 4.0.2.899
detected: True

F-Secure
result: Trojan.GenericKD.2609392
update: 20180325
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Inject.CHLC!tr
update: 20180325
version: 5.4.247.0
detected: True

Invincea
update: 20180121
version: 6.3.4.26036
detected: False

Jiangmin
update: 20180325
version: 16.0.100
detected: False

Kingsoft
update: 20180325
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180325
version: 1.0
detected: True

Symantec
result: Trojan.Gen
update: 20180324
version: 1.5.0.0
detected: True

nProtect
update: 20180325
version: 2018-03-25.02
detected: False

AhnLab-V3
result: Trojan/Win32.Skeeyah.R160934
update: 20180324
version: 3.12.0.20130
detected: True

Antiy-AVL
result: Trojan/MSIL.Inject
update: 20180325
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan-PSW.Win32.Generic
update: 20180325
version: 15.0.1.13
detected: True

Microsoft
update: 20180325
version: 1.1.14600.4
detected: False

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20180325
version: 1.0.0.1120
detected: True

TheHacker
result: Trojan/Kryptik.daf
update: 20180319
version: 6.8.0.5.2551
detected: True

ZoneAlarm
result: HEUR:Trojan-PSW.Win32.Generic
update: 20180325
version: 1.0
detected: True

ESET-NOD32
result: a variant of MSIL/Kryptik.DAF
update: 20180325
version: 17111
detected: True

TrendMicro
result: TROJ_GEN.R002C0OBF18
update: 20180325
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180324
detected: False

BitDefender
result: Trojan.GenericKD.2609392
update: 20180325
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_90% (D)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 004c949c1 )
update: 20180325
version: 10.42.26601
detected: True

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False

Avast-Mobile
update: 20180324
version: 180324-00
detected: False

Malwarebytes
update: 20180325
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180325
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.Skeeyah
update: 20180324
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Inject.dusynb
update: 20180325
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.2609392
update: 20180325
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180325
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Artemis!Trojan
update: 20180324
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0OBF18
update: 20180325
version: 9.950.0.1006
detected: True

total
66
sha256
2884861eca60ffe1894ca03b81d6580e784710ec0fa77a49963ecab856606be0
scan_id
2884861eca60ffe1894ca03b81d6580e784710ec0fa77a49963ecab856606be0-1521961309
resource
5f6fdd8bfbe18960aefe45ba25fe417f
positives
44
scan_date
2018-03-25 07:01:49
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
3/3/2020 - 19:45:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.106Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
3/3/2020 - 19:45:48.122Open1480C:\malware.exeC:\malware.exe
3/3/2020 - 19:45:48.122Unknown1480C:\malware.exeC:\malware.exe
3/3/2020 - 19:45:48.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.122Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/3/2020 - 19:45:48.122Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/3/2020 - 19:45:48.122Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/3/2020 - 19:45:48.122Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 19:45:48.122Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 19:45:48.122Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 19:45:48.122Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:48.434Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
3/3/2020 - 19:45:48.434Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/3/2020 - 19:45:48.434Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/3/2020 - 19:45:48.434Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 19:45:48.434Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/3/2020 - 19:45:48.434Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 19:45:48.434Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 19:45:48.434Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 19:45:48.434Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 19:45:48.434Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/3/2020 - 19:45:48.481Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 19:45:48.481Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 19:45:48.668Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 19:45:48.668Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 19:45:48.715Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:48.715Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 19:45:48.715Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:48.762Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:48.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:48.856Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:48.903Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:48.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:48.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:49.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:49.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 19:45:49.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 19:45:49.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:49.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:49.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:49.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:49.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 19:45:49.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 19:45:49.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:49.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/3/2020 - 19:45:49.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:49.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:45:49.465Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/3/2020 - 19:45:49.606Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:49.606Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/3/2020 - 19:45:49.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:49.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:49.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:49.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:49.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:49.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:49.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:49.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:50.684Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/3/2020 - 19:45:50.825Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:50.825Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/3/2020 - 19:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:50.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:51.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:51.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:51.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:51.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:51.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:51.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:51.293Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.434Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.434Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:52.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:53.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/3/2020 - 19:45:53.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/3/2020 - 19:45:53.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:45:53.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:53.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:53.872Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/3/2020 - 19:45:53.965Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/3/2020 - 19:45:53.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:54.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:54.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:54.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:45:54.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 19:45:54.372Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/3/2020 - 19:45:54.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:54.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:54.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:45:54.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:3.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:3.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:3.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:3.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.481Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/3/2020 - 19:46:3.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:3.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:3.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:4.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:4.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:4.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:4.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:5.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:5.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:5.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:5.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:6.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:6.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:6.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:6.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:6.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:6.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:6.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/3/2020 - 19:46:7.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:7.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:7.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:7.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:7.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/3/2020 - 19:46:7.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:7.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:7.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:7.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:7.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:7.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:7.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/3/2020 - 19:46:7.606Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/3/2020 - 19:46:7.606Open1480C:\malware.exeC:\malware.exe.Local
3/3/2020 - 19:46:7.606Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/3/2020 - 19:46:7.606Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/3/2020 - 19:46:7.606Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/3/2020 - 19:46:7.606Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/3/2020 - 19:46:7.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\ShFolder.DLL
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 19:46:7.653Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 19:46:7.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 19:46:7.653Unknown1480C:\malware.exeC:\Users\Behemot
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 19:46:7.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
3/3/2020 - 19:46:7.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
3/3/2020 - 19:46:7.653Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
3/3/2020 - 19:46:7.653Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
3/3/2020 - 19:46:7.668Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
3/3/2020 - 19:46:7.668Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
3/3/2020 - 19:46:7.668Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
3/3/2020 - 19:46:7.668Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
3/3/2020 - 19:46:7.668Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 19:46:7.668Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 19:46:7.668Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 19:46:7.668Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 19:46:7.668Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 19:46:7.731Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 19:46:7.778Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
3/3/2020 - 19:46:7.778Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
3/3/2020 - 19:46:7.778Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
3/3/2020 - 19:46:7.778Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
3/3/2020 - 19:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
3/3/2020 - 19:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
3/3/2020 - 19:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
3/3/2020 - 19:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
3/3/2020 - 19:46:8.59Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
3/3/2020 - 19:46:8.106Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
3/3/2020 - 19:46:8.106Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
3/3/2020 - 19:46:8.106Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
3/3/2020 - 19:46:8.247Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
3/3/2020 - 19:46:8.293Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
3/3/2020 - 19:46:8.293Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
3/3/2020 - 19:46:8.293Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
3/3/2020 - 19:46:8.434Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
3/3/2020 - 19:46:8.481Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
3/3/2020 - 19:46:8.481Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
3/3/2020 - 19:46:8.481Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
3/3/2020 - 19:46:8.575Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
3/3/2020 - 19:46:8.575Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
3/3/2020 - 19:46:8.575Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
3/3/2020 - 19:46:8.575Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
3/3/2020 - 19:46:8.668Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
3/3/2020 - 19:46:8.668Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
3/3/2020 - 19:46:8.668Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
3/3/2020 - 19:46:8.668Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
3/3/2020 - 19:46:8.762Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
3/3/2020 - 19:46:8.762Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
3/3/2020 - 19:46:8.762Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
3/3/2020 - 19:46:8.762Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
3/3/2020 - 19:46:8.903Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
3/3/2020 - 19:46:8.903Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
3/3/2020 - 19:46:8.903Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
3/3/2020 - 19:46:8.903Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
3/3/2020 - 19:46:9.43Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
3/3/2020 - 19:46:9.90Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
3/3/2020 - 19:46:9.90Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
3/3/2020 - 19:46:9.90Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
3/3/2020 - 19:46:9.184Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
3/3/2020 - 19:46:9.231Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
3/3/2020 - 19:46:9.231Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
3/3/2020 - 19:46:9.231Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
3/3/2020 - 19:46:9.325Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
3/3/2020 - 19:46:9.325Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
3/3/2020 - 19:46:9.325Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
3/3/2020 - 19:46:9.325Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
3/3/2020 - 19:46:9.418Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
3/3/2020 - 19:46:9.418Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 19:46:9.418Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 19:46:9.418Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 19:46:9.981Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 19:46:10.403Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 19:46:10.450Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 19:46:10.497Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
3/3/2020 - 19:46:10.497Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
3/3/2020 - 19:46:10.497Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
3/3/2020 - 19:46:10.497Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
3/3/2020 - 19:46:10.590Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
3/3/2020 - 19:46:10.590Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
3/3/2020 - 19:46:10.590Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
3/3/2020 - 19:46:10.590Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
3/3/2020 - 19:46:10.731Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
3/3/2020 - 19:46:10.731Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
3/3/2020 - 19:46:10.731Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
3/3/2020 - 19:46:10.731Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
3/3/2020 - 19:46:10.825Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
3/3/2020 - 19:46:35.778Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
3/3/2020 - 19:46:35.778Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
3/3/2020 - 19:46:35.778Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
3/3/2020 - 19:46:36.59Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
3/3/2020 - 19:46:36.153Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
3/3/2020 - 19:46:36.153Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
3/3/2020 - 19:46:36.153Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
3/3/2020 - 19:46:36.434Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
3/3/2020 - 19:46:36.528Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
3/3/2020 - 19:46:36.528Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
3/3/2020 - 19:46:36.528Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
3/3/2020 - 19:46:36.809Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
3/3/2020 - 19:46:36.903Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
3/3/2020 - 19:46:36.903Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
3/3/2020 - 19:46:36.903Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
3/3/2020 - 19:46:36.997Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
3/3/2020 - 19:46:36.997Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
3/3/2020 - 19:46:36.997Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
3/3/2020 - 19:46:36.997Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
3/3/2020 - 19:46:37.90Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
3/3/2020 - 19:46:37.90Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
3/3/2020 - 19:46:37.90Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
3/3/2020 - 19:46:37.90Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
3/3/2020 - 19:46:37.184Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
3/3/2020 - 19:46:37.184Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
3/3/2020 - 19:46:37.184Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
3/3/2020 - 19:46:37.184Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
3/3/2020 - 19:46:37.278Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
3/3/2020 - 19:46:37.278Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
3/3/2020 - 19:46:37.278Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
3/3/2020 - 19:46:37.278Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
3/3/2020 - 19:46:37.372Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
3/3/2020 - 19:46:37.372Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
3/3/2020 - 19:46:37.372Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
3/3/2020 - 19:46:37.372Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
3/3/2020 - 19:46:37.465Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
3/3/2020 - 19:46:37.465Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
3/3/2020 - 19:46:37.465Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
3/3/2020 - 19:46:37.465Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
3/3/2020 - 19:46:37.559Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
3/3/2020 - 19:46:37.559Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
3/3/2020 - 19:46:37.559Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
3/3/2020 - 19:46:37.559Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
3/3/2020 - 19:46:37.653Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
3/3/2020 - 19:46:37.653Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
3/3/2020 - 19:46:37.653Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
3/3/2020 - 19:46:37.653Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
3/3/2020 - 19:46:37.747Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
3/3/2020 - 19:46:37.747Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
3/3/2020 - 19:46:37.747Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
3/3/2020 - 19:46:37.747Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
3/3/2020 - 19:46:37.840Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
3/3/2020 - 19:46:37.840Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
3/3/2020 - 19:46:37.840Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
3/3/2020 - 19:46:37.840Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
3/3/2020 - 19:46:37.934Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
3/3/2020 - 19:46:37.934Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
3/3/2020 - 19:46:37.934Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
3/3/2020 - 19:46:37.934Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
3/3/2020 - 19:46:38.28Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
3/3/2020 - 19:46:38.28Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
3/3/2020 - 19:46:38.28Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
3/3/2020 - 19:46:38.28Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
3/3/2020 - 19:46:38.122Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
3/3/2020 - 19:46:38.122Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
3/3/2020 - 19:46:38.122Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
3/3/2020 - 19:46:38.122Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
3/3/2020 - 19:46:38.215Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
3/3/2020 - 19:46:38.215Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
3/3/2020 - 19:46:38.215Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
3/3/2020 - 19:46:38.215Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
3/3/2020 - 19:46:38.309Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
3/3/2020 - 19:46:38.309Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
3/3/2020 - 19:46:38.309Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
3/3/2020 - 19:46:38.309Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
3/3/2020 - 19:46:38.403Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
3/3/2020 - 19:46:38.403Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
3/3/2020 - 19:46:38.403Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
3/3/2020 - 19:46:38.403Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
3/3/2020 - 19:46:38.497Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
3/3/2020 - 19:46:38.497Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
3/3/2020 - 19:46:38.497Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
3/3/2020 - 19:46:38.497Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
3/3/2020 - 19:46:38.590Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
3/3/2020 - 19:46:38.590Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
3/3/2020 - 19:46:38.590Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
3/3/2020 - 19:46:38.590Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
3/3/2020 - 19:46:38.684Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
3/3/2020 - 19:46:38.684Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
3/3/2020 - 19:46:38.684Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
3/3/2020 - 19:46:38.684Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
3/3/2020 - 19:46:38.778Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
3/3/2020 - 19:46:38.778Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
3/3/2020 - 19:46:38.778Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
3/3/2020 - 19:46:38.778Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
3/3/2020 - 19:46:38.872Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
3/3/2020 - 19:46:38.872Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
3/3/2020 - 19:46:38.872Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
3/3/2020 - 19:46:38.872Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
3/3/2020 - 19:46:38.965Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
3/3/2020 - 19:46:38.965Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
3/3/2020 - 19:46:38.965Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
3/3/2020 - 19:46:38.965Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
3/3/2020 - 19:46:39.59Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
3/3/2020 - 19:46:39.59Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
3/3/2020 - 19:46:39.59Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
3/3/2020 - 19:46:39.59Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
3/3/2020 - 19:46:39.153Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
3/3/2020 - 19:46:39.153Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
3/3/2020 - 19:46:39.153Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
3/3/2020 - 19:46:39.153Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
3/3/2020 - 19:46:39.247Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
3/3/2020 - 19:46:39.247Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
3/3/2020 - 19:46:39.247Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
3/3/2020 - 19:46:39.247Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
3/3/2020 - 19:46:39.340Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
3/3/2020 - 19:46:39.340Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
3/3/2020 - 19:46:39.340Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
3/3/2020 - 19:46:39.340Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
3/3/2020 - 19:46:39.434Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
3/3/2020 - 19:46:39.434Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
3/3/2020 - 19:46:39.434Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
3/3/2020 - 19:46:39.434Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
3/3/2020 - 19:46:39.528Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
3/3/2020 - 19:46:39.528Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
3/3/2020 - 19:46:39.528Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
3/3/2020 - 19:46:39.528Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
3/3/2020 - 19:46:39.622Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
3/3/2020 - 19:46:39.622Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
3/3/2020 - 19:46:39.622Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
3/3/2020 - 19:46:39.622Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
3/3/2020 - 19:46:39.715Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
3/3/2020 - 19:46:39.715Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
3/3/2020 - 19:46:39.715Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
3/3/2020 - 19:46:39.715Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
3/3/2020 - 19:46:39.809Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
3/3/2020 - 19:46:39.809Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
3/3/2020 - 19:46:39.809Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
3/3/2020 - 19:46:39.809Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
3/3/2020 - 19:46:39.903Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
3/3/2020 - 19:46:39.903Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
3/3/2020 - 19:46:39.903Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
3/3/2020 - 19:46:39.903Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
3/3/2020 - 19:46:39.997Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
3/3/2020 - 19:46:39.997Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
3/3/2020 - 19:46:39.997Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
3/3/2020 - 19:46:39.997Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
3/3/2020 - 19:46:40.90Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
3/3/2020 - 19:46:40.90Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
3/3/2020 - 19:46:40.90Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
3/3/2020 - 19:46:40.90Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
3/3/2020 - 19:46:40.184Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
3/3/2020 - 19:46:40.184Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
3/3/2020 - 19:46:40.184Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
3/3/2020 - 19:46:40.184Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
3/3/2020 - 19:46:40.278Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
3/3/2020 - 19:46:40.278Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
3/3/2020 - 19:46:40.278Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
3/3/2020 - 19:46:40.278Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
3/3/2020 - 19:46:40.372Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
3/3/2020 - 19:46:40.372Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
3/3/2020 - 19:46:40.372Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
3/3/2020 - 19:46:40.372Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
3/3/2020 - 19:46:40.465Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
3/3/2020 - 19:46:40.465Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
3/3/2020 - 19:46:40.465Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
3/3/2020 - 19:46:40.465Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
3/3/2020 - 19:46:40.559Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
3/3/2020 - 19:46:40.559Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
3/3/2020 - 19:46:40.559Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
3/3/2020 - 19:46:40.559Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
3/3/2020 - 19:46:40.653Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
3/3/2020 - 19:46:40.653Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
3/3/2020 - 19:46:40.653Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
3/3/2020 - 19:46:40.653Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
3/3/2020 - 19:46:40.747Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
3/3/2020 - 19:46:40.747Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
3/3/2020 - 19:46:40.747Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
3/3/2020 - 19:46:40.747Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
3/3/2020 - 19:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
3/3/2020 - 19:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
3/3/2020 - 19:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
3/3/2020 - 19:46:40.840Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
3/3/2020 - 19:46:40.934Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
3/3/2020 - 19:46:40.934Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
3/3/2020 - 19:46:40.934Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
3/3/2020 - 19:46:40.934Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
3/3/2020 - 19:46:41.28Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
3/3/2020 - 19:46:41.28Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
3/3/2020 - 19:46:41.28Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
3/3/2020 - 19:46:41.28Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
3/3/2020 - 19:46:41.309Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
3/3/2020 - 19:46:41.450Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
3/3/2020 - 19:46:41.450Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
3/3/2020 - 19:46:41.450Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
3/3/2020 - 19:46:41.590Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
3/3/2020 - 19:46:41.590Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
3/3/2020 - 19:46:41.590Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
3/3/2020 - 19:46:41.590Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
3/3/2020 - 19:46:41.590Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
3/3/2020 - 19:46:41.590Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
3/3/2020 - 19:46:41.590Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
3/3/2020 - 19:46:41.590Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
3/3/2020 - 19:46:41.637Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
3/3/2020 - 19:46:41.825Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
3/3/2020 - 19:46:41.825Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
3/3/2020 - 19:46:41.825Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
3/3/2020 - 19:46:41.965Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
3/3/2020 - 19:46:42.153Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
3/3/2020 - 19:46:42.153Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
3/3/2020 - 19:46:42.153Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
3/3/2020 - 19:46:42.293Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
3/3/2020 - 19:46:42.481Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
3/3/2020 - 19:46:42.481Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
3/3/2020 - 19:46:42.481Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
3/3/2020 - 19:46:42.622Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
3/3/2020 - 19:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 19:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 19:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 19:46:43.137Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 19:46:43.372Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
3/3/2020 - 19:46:43.653Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 19:46:43.653Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 19:46:43.653Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 19:46:43.793Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
3/3/2020 - 19:46:44.28Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 19:46:44.28Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 19:46:44.28Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 19:46:44.168Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
3/3/2020 - 19:46:44.497Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 19:46:44.497Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 19:46:44.497Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 19:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
3/3/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 19:46:44.965Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
3/3/2020 - 19:46:44.965Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 19:46:44.965Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 19:46:44.965Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 19:46:45.59Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
3/3/2020 - 19:46:45.59Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 19:46:45.59Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 19:46:45.59Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 19:46:45.153Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
3/3/2020 - 19:46:45.153Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
3/3/2020 - 19:46:45.153Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
3/3/2020 - 19:46:45.153Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
3/3/2020 - 19:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
3/3/2020 - 19:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
3/3/2020 - 19:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
3/3/2020 - 19:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
3/3/2020 - 19:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
3/3/2020 - 19:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
3/3/2020 - 19:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
3/3/2020 - 19:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
3/3/2020 - 19:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
3/3/2020 - 19:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
3/3/2020 - 19:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
3/3/2020 - 19:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
3/3/2020 - 19:46:45.481Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
3/3/2020 - 19:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
3/3/2020 - 19:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
3/3/2020 - 19:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
3/3/2020 - 19:46:45.668Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
3/3/2020 - 19:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
3/3/2020 - 19:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
3/3/2020 - 19:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
3/3/2020 - 19:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
3/3/2020 - 19:46:45.903Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
3/3/2020 - 19:46:45.903Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
3/3/2020 - 19:46:45.903Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
3/3/2020 - 19:46:46.43Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
3/3/2020 - 19:46:46.90Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
3/3/2020 - 19:46:46.90Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
3/3/2020 - 19:46:46.90Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
3/3/2020 - 19:46:46.184Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
3/3/2020 - 19:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
3/3/2020 - 19:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
3/3/2020 - 19:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
3/3/2020 - 19:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
3/3/2020 - 19:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
3/3/2020 - 19:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
3/3/2020 - 19:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
3/3/2020 - 19:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
3/3/2020 - 19:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
3/3/2020 - 19:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
3/3/2020 - 19:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
3/3/2020 - 19:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
3/3/2020 - 19:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
3/3/2020 - 19:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
3/3/2020 - 19:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
3/3/2020 - 19:46:46.934Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
3/3/2020 - 19:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
3/3/2020 - 19:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
3/3/2020 - 19:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
3/3/2020 - 19:46:47.75Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
3/3/2020 - 19:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
3/3/2020 - 19:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
3/3/2020 - 19:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
3/3/2020 - 19:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
3/3/2020 - 19:46:47.262Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
3/3/2020 - 19:46:47.262Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
3/3/2020 - 19:46:47.262Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
3/3/2020 - 19:46:47.356Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
3/3/2020 - 19:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
3/3/2020 - 19:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
3/3/2020 - 19:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
3/3/2020 - 19:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
3/3/2020 - 19:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
3/3/2020 - 19:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
3/3/2020 - 19:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
3/3/2020 - 19:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
3/3/2020 - 19:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
3/3/2020 - 19:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
3/3/2020 - 19:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
3/3/2020 - 19:46:47.731Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
3/3/2020 - 19:46:49.325Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
3/3/2020 - 19:46:49.325Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
3/3/2020 - 19:46:49.325Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
3/3/2020 - 19:46:49.418Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
3/3/2020 - 19:46:49.418Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
3/3/2020 - 19:46:49.418Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
3/3/2020 - 19:46:49.418Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
3/3/2020 - 19:46:49.512Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
3/3/2020 - 19:46:49.512Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
3/3/2020 - 19:46:49.512Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
3/3/2020 - 19:46:49.512Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
3/3/2020 - 19:46:49.606Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
3/3/2020 - 19:46:49.606Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
3/3/2020 - 19:46:49.606Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
3/3/2020 - 19:46:49.606Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
3/3/2020 - 19:46:49.700Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
3/3/2020 - 19:46:49.700Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
3/3/2020 - 19:46:49.700Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
3/3/2020 - 19:46:49.700Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
3/3/2020 - 19:46:49.840Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
3/3/2020 - 19:46:49.840Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
3/3/2020 - 19:46:49.840Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
3/3/2020 - 19:46:49.840Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
3/3/2020 - 19:46:49.981Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
3/3/2020 - 19:46:49.981Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
3/3/2020 - 19:46:49.981Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
3/3/2020 - 19:46:49.981Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
3/3/2020 - 19:46:50.122Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
3/3/2020 - 19:46:50.122Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
3/3/2020 - 19:46:50.122Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
3/3/2020 - 19:46:50.122Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
3/3/2020 - 19:46:50.262Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
3/3/2020 - 19:46:50.262Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
3/3/2020 - 19:46:50.262Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
3/3/2020 - 19:46:50.262Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
3/3/2020 - 19:46:50.356Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
3/3/2020 - 19:46:50.356Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
3/3/2020 - 19:46:50.356Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
3/3/2020 - 19:46:50.356Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
3/3/2020 - 19:46:50.450Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
3/3/2020 - 19:46:50.450Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
3/3/2020 - 19:46:50.450Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
3/3/2020 - 19:46:50.450Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
3/3/2020 - 19:46:50.543Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
3/3/2020 - 19:46:50.543Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
3/3/2020 - 19:46:50.543Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
3/3/2020 - 19:46:50.543Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
3/3/2020 - 19:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
3/3/2020 - 19:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
3/3/2020 - 19:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
3/3/2020 - 19:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
3/3/2020 - 19:46:50.731Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
3/3/2020 - 19:46:50.731Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
3/3/2020 - 19:46:50.731Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
3/3/2020 - 19:46:50.731Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
3/3/2020 - 19:46:50.825Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
3/3/2020 - 19:46:50.825Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
3/3/2020 - 19:46:50.825Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
3/3/2020 - 19:46:50.825Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
3/3/2020 - 19:46:50.965Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
3/3/2020 - 19:46:50.965Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
3/3/2020 - 19:46:50.965Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
3/3/2020 - 19:46:50.965Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
3/3/2020 - 19:46:51.106Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
3/3/2020 - 19:46:58.43Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
3/3/2020 - 19:46:58.43Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
3/3/2020 - 19:46:58.278Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
3/3/2020 - 19:46:58.278Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
3/3/2020 - 19:46:58.278Open1480C:\malware.exeC:\Windows\SysWOW64\pt\imageres.dll.mui
3/3/2020 - 19:46:58.278Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
3/3/2020 - 19:46:58.278Read1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
3/3/2020 - 19:46:58.512Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll
3/3/2020 - 19:46:58.512Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
3/3/2020 - 19:45:47.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/3/2020 - 19:45:47.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/3/2020 - 19:45:47.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/3/2020 - 19:45:47.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/3/2020 - 19:45:47.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
3/3/2020 - 19:46:7.653 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\GDIPlus | FontCachePath

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 72.76%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 75.57%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 59.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 75.44%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 94.98%
suspicious: True
