Report #8535

  • Creation Date: March 3, 2020, 4:37 p.m.
  • Last Update: March 4, 2020, 4:20 a.m.
  • File: Copia_Cheque.exe
  • Results:
Binary
DLL
False
Size
37.00KB
trid
55.0% Generic CIL Executable
20.7% Win64 Executable
9.8% Windows screen saver
4.9% Win32 Dynamic Link Library
3.3% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
34c9a287ece807906e515a3e7cc71f2e
sha1
62c7cc1cb646f4352e34d3fe769fc705c3483050
crc32
0xbda4260a
sha224
2fd4e59182490bde82e866dab4f8a5c4ec92659bb0cedfa5c1ba2ee2
sha256
f459d5106485aa0c2d0cfd366f4c0bafd71da05a35d07005dd5f436014da1d3a
sha384
ef3b2b46dae84a0c36f504d9b97ac106720fceda363ec8f12934815e2937625a36fec2fa3081f13caaa4194057f080bf
sha512
857dc98b4ca648caaa5c91a78d80ffc961335eb2e60fc692afaada43cc1e9aa3624d6004a5104fa78db6265f48fc89d3e1cfa1615f1a96a70fe262332de57647
ssdeep
768:RtilZ/0ccrKaR6NhCqruoiW8qNlG6iaBtWoNA:PiH/0cAKBCq3vlKaq1
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, url, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, HasDebugData, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True

Strings
List
http://kyyapi.net/mimari/atlasjet/slides/xmx/xueyqfwsascxz.exe
C:\Users\w7\Desktop\vai_q_vai\WindowsApplication1\WindowsApplication1\obj\x86\Debug\WindowsApplication1.pdb
My.Computer
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
WindowsApplication1.My
System.ComponentModel.Design
System.IO.Ports
4System.Web.Services.Protocols.SoapHttpClientProtocol
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
\xueyqfwsascxz.exe
WindowsApplication1.My.Resources
10.0.0.0
4.0.0.0
8.0.0.0
System.Windows.Forms.Form
3System.Resources.Tools.StronglyTypedResourceBuilder
System.Windows.Forms
WindowsApplication1.exe
WindowsApplication1.exe
WindowsApplication1.exe
mscoree.dll
add_Shutdown
get_Network
get_ResourceManager
set_ShutdownStyle
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
ServerComputer
DebuggerHiddenAttribute
AuthenticationMode
DebuggableAttribute
DebuggingModes
ShutdownMode
ResourceManager
DebuggerStepThroughAttribute
m_FormBeingCreated
Network
Dot Net Perls is awesome.
OnCreateMainForm
Hashtable
GetHashCode
Shell
Hide
$eebaed3c-297e-4550-a8d0-918b551b76ad
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
_Button22
_Button24
_Button23
_Button25
_Button27
_Button30
_Button17
_Button21
_Button20
_Button19
_Button28
_Button11
_Button29
_Button13
_Button26
_Button14
_Button15
_Button18
_Button16
_Button10
_Button12
DebuggerNonUserCodeAttribute
HideModuleNameAttribute
ShutdownEventHandler
set_Button27
set_Button30
get_Button10
get_Button28
set_Button10
get_Button17
set_Button28
get_Button29
set_Button16
set_Button29
get_Button30
get_Button11
get_Button16
get_Button18
set_Button11
set_Button15
get_Button15
set_Button14
get_Button14
set_Button13
get_Button13
set_Button12
set_Button17
get_Button12
set_Button18
get_Button22
get_Button27
set_Button26

Foremost
Matches
0.exe, 37 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: http://kyyapi.net/mimari/atlasjet/slides/xmx/xueyqfwsascxz.exe
hasAllowed: False
hasSuspicious: True

Files
Allowed: mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 4096
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .sdata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 8.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 40462
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2015-05-11 14:29:36
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 1

pushpopmath
.text: 2

cpuinstructionsresultscomparison
.text: 2

AVclass
None
1
VirusTotal
md5
34c9a287ece807906e515a3e7cc71f2e
sha1
62c7cc1cb646f4352e34d3fe769fc705c3483050
SCANS (DETECTION RATE = 52.31%)
AVG
result: Win32:Malware-gen
update: 20180325
version: 18.2.3827.0
detected: True

CMC
update: 20180324
version: 1.1.0.977
detected: False

MAX
update: 20180325
version: 2017.11.15.1
detected: False

Bkav
update: 20180325
version: 1.3.0.9466
detected: False

K7GW
result: Riskware ( 0040eff71 )
update: 20180325
version: 10.42.26600
detected: True

ALYac
update: 20180325
version: 1.1.1.5
detected: False

Avast
result: Win32:Malware-gen
update: 20180325
version: 18.2.3827.0
detected: True

Avira
result: TR/Kazy.37888
update: 20180324
version: 8.3.3.6
detected: True

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9950
update: 20180323
version: 1.0.0.2
detected: True

Cyren
result: W32/Trojan.DEVE-8519
update: 20180325
version: 5.4.30.7
detected: True

DrWeb
result: Trojan.DownLoader13.13399
update: 20180325
version: 7.0.28.2020
detected: True

GData
update: 20180325
version: A:25.16495B:25.11872
detected: False

Panda
result: Trj/CI.A
update: 20180324
version: 4.6.4.2
detected: True

VBA32
result: TrojanDownloader.MSIL.Small
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
update: 20180326
version: 65546
detected: False

Zoner
update: 20180325
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180325
version: 1.5.0.42
detected: True

ClamAV
update: 20180324
version: 0.99.2.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180325
version: 28740
detected: True

F-Prot
update: 20180326
version: 4.7.1.166
detected: False

McAfee
result: Artemis!34C9A287ECE8
update: 20180325
version: 6.0.6.653
detected: True

Rising
update: 20180326
version: 25.0.0.1
detected: False

Sophos
result: Troj/MSIL-CSN
update: 20180325
version: 4.98.0
detected: True

Yandex
result: Trojan.DL.Small!AcuLI2NsMlI
update: 20180324
version: 5.5.1.3
detected: True

Zillya
update: 20180326
version: 2.0.0.3520
detected: False

Arcabit
update: 20180325
version: 1.0.0.831
detected: False

Endgame
update: 20180316
version: 2.0.5
detected: False

Tencent
result: Msil.Trojan-downloader.Small.Lkxt
update: 20180325
version: 1.0.0.1
detected: True

ViRobot
update: 20180324
version: 2014.3.20.0
detected: False

eGambit
update: 20180325
version: v4.3.5
detected: False

Ad-Aware
update: 20180325
version: 3.0.3.1010
detected: False

AegisLab
result: Variant.Kazy.Gen!c
update: 20180325
version: 4.2
detected: True

Emsisoft
update: 20180325
version: 4.0.2.899
detected: False

F-Secure
update: 20180324
version: 11.0.19100.45
detected: False

Fortinet
result: MSIL/Small.UF!tr.dldr
update: 20180325
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True

Jiangmin
result: TrojanDownloader.MSIL.crk
update: 20180325
version: 16.0.100
detected: True

Kingsoft
update: 20180325
version: 2013.8.14.323
detected: False

Paloalto
update: 20180325
version: 1.0
detected: False

Symantec
result: Infostealer.Limitail
update: 20180324
version: 1.5.0.0
detected: True

nProtect
update: 20180325
version: 2018-03-25.01
detected: False

AhnLab-V3
result: Trojan/Win32.Downloader.C848477
update: 20180324
version: 3.12.0.20130
detected: True

Antiy-AVL
result: Trojan/Win32.BTSGeneric
update: 20180325
version: 3.0.0.1
detected: True

Kaspersky
result: Trojan-Downloader.MSIL.Small.zj
update: 20180325
version: 15.0.1.13
detected: True

Microsoft
update: 20180325
version: 1.1.14600.4
detected: False

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20180325
version: 1.0.0.1120
detected: True

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False

ZoneAlarm
result: Trojan-Downloader.MSIL.Small.zj
update: 20180325
version: 1.0
detected: True

Cybereason
result: malicious.cb646f
update: 20180225
version: 1.2.27
detected: True

ESET-NOD32
result: MSIL/TrojanDownloader.Small.VM
update: 20180325
version: 17111
detected: True

TrendMicro
update: 20180326
version: 9.862.0.1074
detected: False

WhiteArmor
update: 20180324
detected: False

BitDefender
update: 20180325
version: 7.2
detected: False

CrowdStrike
result: malicious_confidence_70% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20180325
version: 10.42.26601
detected: True

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False

Avast-Mobile
update: 20180324
version: 180324-00
detected: False

Malwarebytes
result: PUP.Optional.Amonetize
update: 20180325
version: 2.1.1.1115
detected: True

TotalDefense
update: 20180324
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.Skeeyah
update: 20180324
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Dwn.drovzt
update: 20180325
version: 1.0.100.22043
detected: True

MicroWorld-eScan
update: 20180325
version: 14.0.297.0
detected: False

SUPERAntiSpyware
update: 20180324
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Artemis!Trojan
update: 20180324
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0RBF18
update: 20180325
version: 9.950.0.1006
detected: True

total
65
sha256
f459d5106485aa0c2d0cfd366f4c0bafd71da05a35d07005dd5f436014da1d3a
scan_id
f459d5106485aa0c2d0cfd366f4c0bafd71da05a35d07005dd5f436014da1d3a-1521951314
resource
34c9a287ece807906e515a3e7cc71f2e
positives
34
scan_date
2018-03-25 04:15:14
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
4/3/2020 - 3:45:43.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:43.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:43.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:43.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:43.793Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/3/2020 - 3:45:43.793Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/3/2020 - 3:45:43.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/3/2020 - 3:45:43.809Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 3:45:43.809Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:45:43.809Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:45:43.809Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:45:43.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:43.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:43.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:43.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:43.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:43.825Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/3/2020 - 3:45:43.825Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.825Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/3/2020 - 3:45:43.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:43.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:44.653Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
4/3/2020 - 3:45:44.793Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:44.793Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
4/3/2020 - 3:45:44.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:44.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:44.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:44.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:45.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:45.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:45.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:45.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:45.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:45.262Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.403Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:46.997Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
4/3/2020 - 3:45:47.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
4/3/2020 - 3:45:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:47.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:47.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:47.840Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
4/3/2020 - 3:45:47.934Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
4/3/2020 - 3:45:47.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:47.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.231Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:48.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:48.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:48.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:48.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:48.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:48.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:48.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:48.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:48.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:48.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:49.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.309Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
4/3/2020 - 3:45:49.309Open1480C:\malware.exeC:\VERSION.dll
4/3/2020 - 3:45:49.309Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
4/3/2020 - 3:45:49.309Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
4/3/2020 - 3:45:49.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:49.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:49.356Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:49.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:58.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:58.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:59.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:59.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:59.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:59.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:59.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:59.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:59.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:59.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:59.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:59.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:59.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:0.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:0.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:0.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:0.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:0.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:0.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:0.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:0.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:0.403Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
4/3/2020 - 3:46:0.403Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 3:46:0.403Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/3/2020 - 3:46:0.403Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/3/2020 - 3:46:0.403Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/3/2020 - 3:46:0.403Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\ShFolder.DLL
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:0.450Unknown1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:0.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:0.450Unknown1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:0.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:0.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:0.450Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:0.450Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:0.465Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:0.481Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:0.481Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:0.481Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:0.481Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:0.481Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:0.481Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:0.528Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:0.528Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:0.528Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:0.622Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:0.668Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
4/3/2020 - 3:46:0.668Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
4/3/2020 - 3:46:0.668Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
4/3/2020 - 3:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
4/3/2020 - 3:46:0.856Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
4/3/2020 - 3:46:0.856Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
4/3/2020 - 3:46:0.856Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
4/3/2020 - 3:46:0.997Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
4/3/2020 - 3:46:1.43Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
4/3/2020 - 3:46:1.43Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
4/3/2020 - 3:46:1.43Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
4/3/2020 - 3:46:1.137Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
4/3/2020 - 3:46:1.137Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
4/3/2020 - 3:46:1.137Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
4/3/2020 - 3:46:1.137Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
4/3/2020 - 3:46:1.231Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
4/3/2020 - 3:46:1.231Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
4/3/2020 - 3:46:1.231Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
4/3/2020 - 3:46:1.231Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
4/3/2020 - 3:46:1.325Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
4/3/2020 - 3:46:1.325Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
4/3/2020 - 3:46:1.325Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
4/3/2020 - 3:46:1.325Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
4/3/2020 - 3:46:1.465Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
4/3/2020 - 3:46:1.465Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
4/3/2020 - 3:46:1.465Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
4/3/2020 - 3:46:1.465Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
4/3/2020 - 3:46:1.606Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
4/3/2020 - 3:46:1.653Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
4/3/2020 - 3:46:1.653Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
4/3/2020 - 3:46:1.653Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
4/3/2020 - 3:46:1.747Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
4/3/2020 - 3:46:1.793Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
4/3/2020 - 3:46:1.793Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
4/3/2020 - 3:46:1.793Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
4/3/2020 - 3:46:1.887Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
4/3/2020 - 3:46:1.887Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
4/3/2020 - 3:46:1.887Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
4/3/2020 - 3:46:1.887Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
4/3/2020 - 3:46:1.981Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
4/3/2020 - 3:46:1.981Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:1.981Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:1.981Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:2.543Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:2.965Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:3.12Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
4/3/2020 - 3:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
4/3/2020 - 3:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
4/3/2020 - 3:46:3.153Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
4/3/2020 - 3:46:3.153Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
4/3/2020 - 3:46:3.153Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
4/3/2020 - 3:46:3.153Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
4/3/2020 - 3:46:3.293Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
4/3/2020 - 3:46:3.293Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
4/3/2020 - 3:46:3.293Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
4/3/2020 - 3:46:3.293Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
4/3/2020 - 3:46:3.387Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
4/3/2020 - 3:46:3.387Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
4/3/2020 - 3:46:3.387Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
4/3/2020 - 3:46:3.387Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
4/3/2020 - 3:46:3.481Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
4/3/2020 - 3:46:3.528Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
4/3/2020 - 3:46:3.528Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
4/3/2020 - 3:46:3.528Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
4/3/2020 - 3:46:3.622Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
4/3/2020 - 3:46:3.668Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
4/3/2020 - 3:46:3.668Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
4/3/2020 - 3:46:3.668Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
4/3/2020 - 3:46:3.762Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
4/3/2020 - 3:46:3.762Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
4/3/2020 - 3:46:3.762Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
4/3/2020 - 3:46:3.762Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
4/3/2020 - 3:46:3.856Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
4/3/2020 - 3:46:3.856Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
4/3/2020 - 3:46:3.856Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
4/3/2020 - 3:46:3.856Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
4/3/2020 - 3:46:3.950Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
4/3/2020 - 3:46:3.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
4/3/2020 - 3:46:3.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
4/3/2020 - 3:46:3.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
4/3/2020 - 3:46:4.90Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
4/3/2020 - 3:46:4.137Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
4/3/2020 - 3:46:4.137Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
4/3/2020 - 3:46:4.137Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
4/3/2020 - 3:46:4.231Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
4/3/2020 - 3:46:4.231Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
4/3/2020 - 3:46:4.231Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
4/3/2020 - 3:46:4.231Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
4/3/2020 - 3:46:4.325Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
4/3/2020 - 3:46:4.325Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
4/3/2020 - 3:46:4.325Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
4/3/2020 - 3:46:4.325Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
4/3/2020 - 3:46:4.418Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
4/3/2020 - 3:46:4.418Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
4/3/2020 - 3:46:4.418Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
4/3/2020 - 3:46:4.418Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
4/3/2020 - 3:46:4.512Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
4/3/2020 - 3:46:4.512Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
4/3/2020 - 3:46:4.512Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
4/3/2020 - 3:46:4.512Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
4/3/2020 - 3:46:4.606Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
4/3/2020 - 3:46:4.653Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
4/3/2020 - 3:46:4.653Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
4/3/2020 - 3:46:4.653Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
4/3/2020 - 3:46:4.934Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
4/3/2020 - 3:46:5.75Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
4/3/2020 - 3:46:5.75Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
4/3/2020 - 3:46:5.75Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
4/3/2020 - 3:46:5.356Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
4/3/2020 - 3:46:5.497Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
4/3/2020 - 3:46:5.497Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
4/3/2020 - 3:46:5.497Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
4/3/2020 - 3:46:5.637Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
4/3/2020 - 3:46:5.684Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
4/3/2020 - 3:46:5.684Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
4/3/2020 - 3:46:5.684Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
4/3/2020 - 3:46:5.778Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
4/3/2020 - 3:46:5.825Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
4/3/2020 - 3:46:5.825Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
4/3/2020 - 3:46:5.825Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
4/3/2020 - 3:46:6.481Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
4/3/2020 - 3:46:7.184Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
4/3/2020 - 3:46:7.559Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
4/3/2020 - 3:46:7.981Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
4/3/2020 - 3:46:8.356Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
4/3/2020 - 3:46:8.356Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
4/3/2020 - 3:46:8.356Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
4/3/2020 - 3:46:9.59Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
4/3/2020 - 3:46:9.762Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
4/3/2020 - 3:46:10.137Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
4/3/2020 - 3:46:10.590Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
4/3/2020 - 3:46:10.965Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
4/3/2020 - 3:46:10.965Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
4/3/2020 - 3:46:10.965Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
4/3/2020 - 3:46:11.106Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
4/3/2020 - 3:46:11.153Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
4/3/2020 - 3:46:11.153Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
4/3/2020 - 3:46:11.153Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
4/3/2020 - 3:46:11.481Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
4/3/2020 - 3:46:11.809Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
4/3/2020 - 3:46:11.809Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
4/3/2020 - 3:46:11.809Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
4/3/2020 - 3:46:12.137Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
4/3/2020 - 3:46:12.418Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
4/3/2020 - 3:46:12.418Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
4/3/2020 - 3:46:12.418Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
4/3/2020 - 3:46:12.793Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
4/3/2020 - 3:46:13.168Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
4/3/2020 - 3:46:13.168Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
4/3/2020 - 3:46:13.215Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
4/3/2020 - 3:46:13.590Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
4/3/2020 - 3:46:13.918Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
4/3/2020 - 3:46:13.918Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
4/3/2020 - 3:46:13.918Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
4/3/2020 - 3:46:14.434Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
4/3/2020 - 3:46:14.809Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
4/3/2020 - 3:46:14.809Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
4/3/2020 - 3:46:14.809Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
4/3/2020 - 3:46:14.856Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
4/3/2020 - 3:46:14.856Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
4/3/2020 - 3:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
4/3/2020 - 3:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
4/3/2020 - 3:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
4/3/2020 - 3:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
4/3/2020 - 3:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
4/3/2020 - 3:46:15.793Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
4/3/2020 - 3:46:15.934Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
4/3/2020 - 3:46:16.28Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
4/3/2020 - 3:46:16.28Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
4/3/2020 - 3:46:16.28Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
4/3/2020 - 3:46:16.450Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
4/3/2020 - 3:46:16.778Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
4/3/2020 - 3:46:16.918Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
4/3/2020 - 3:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
4/3/2020 - 3:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
4/3/2020 - 3:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
4/3/2020 - 3:46:17.387Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
4/3/2020 - 3:46:17.715Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
4/3/2020 - 3:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
4/3/2020 - 3:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
4/3/2020 - 3:46:17.809Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
4/3/2020 - 3:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
4/3/2020 - 3:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
4/3/2020 - 3:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
4/3/2020 - 3:46:17.903Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
4/3/2020 - 3:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
4/3/2020 - 3:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
4/3/2020 - 3:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
4/3/2020 - 3:46:17.997Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
4/3/2020 - 3:46:18.90Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
4/3/2020 - 3:46:18.90Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
4/3/2020 - 3:46:18.90Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
4/3/2020 - 3:46:18.90Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
4/3/2020 - 3:46:18.231Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
4/3/2020 - 3:46:18.325Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
4/3/2020 - 3:46:18.325Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
4/3/2020 - 3:46:18.325Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
4/3/2020 - 3:46:18.465Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
4/3/2020 - 3:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
4/3/2020 - 3:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
4/3/2020 - 3:46:18.512Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
4/3/2020 - 3:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
4/3/2020 - 3:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
4/3/2020 - 3:46:32.762Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 3:46:32.762Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:32.762Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:32.762Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:32.856Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:32.856Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:32.856Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:32.856Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:32.950Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:32.950Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:32.950Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:32.950Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:33.43Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:33.43Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:33.43Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:33.43Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:33.137Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:33.231Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:33.231Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:33.231Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:33.231Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:33.325Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:33.325Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:33.325Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:33.325Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:33.418Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:33.418Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:33.418Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:33.418Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:33.512Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:33.512Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:33.512Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:33.512Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:33.793Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:33.934Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:33.934Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:33.934Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:34.122Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:34.309Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:34.309Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:34.309Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:34.450Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:34.637Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:34.637Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:34.637Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:34.778Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:34.965Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:34.965Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:34.965Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:35.106Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:35.622Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:35.856Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:36.137Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:36.137Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:36.137Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:36.278Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:36.512Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:36.512Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:36.512Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:36.653Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:36.981Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:36.981Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:36.981Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:37.122Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:37.356Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:37.356Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:37.356Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:37.450Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:37.450Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:37.450Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:37.450Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:37.637Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:37.637Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:37.637Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:37.637Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:37.825Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:37.825Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:37.825Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:37.825Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:37.965Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:38.153Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:38.340Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:38.528Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:38.668Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:38.856Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:39.43Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:39.137Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:39.137Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:39.137Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:39.231Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:39.325Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:39.325Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:39.325Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:39.418Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:39.465Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:39.465Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:39.465Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:39.559Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:39.606Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:39.606Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:39.606Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:39.700Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:39.747Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:39.747Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:39.747Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:39.840Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:39.887Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:39.887Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:39.887Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:39.981Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:39.981Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:39.981Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:39.981Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:40.75Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:40.75Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:40.75Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:40.75Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:40.215Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:41.809Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:41.809Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:41.809Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:41.903Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:41.903Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:41.903Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:41.903Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:41.997Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:41.997Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:41.997Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:41.997Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:42.90Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:42.90Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:42.90Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:42.90Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:42.184Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:42.184Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:42.184Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:42.184Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:42.325Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:42.325Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
4/3/2020 - 3:46:42.325Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
4/3/2020 - 3:46:42.325Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
4/3/2020 - 3:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
4/3/2020 - 3:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
4/3/2020 - 3:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
4/3/2020 - 3:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
4/3/2020 - 3:46:42.606Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
4/3/2020 - 3:46:42.606Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
4/3/2020 - 3:46:42.606Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
4/3/2020 - 3:46:42.606Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
4/3/2020 - 3:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
4/3/2020 - 3:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
4/3/2020 - 3:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
4/3/2020 - 3:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
4/3/2020 - 3:46:42.840Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
4/3/2020 - 3:46:42.840Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
4/3/2020 - 3:46:42.840Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
4/3/2020 - 3:46:42.840Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
4/3/2020 - 3:46:42.934Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
4/3/2020 - 3:46:42.934Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
4/3/2020 - 3:46:42.934Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
4/3/2020 - 3:46:42.934Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
4/3/2020 - 3:46:43.28Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
4/3/2020 - 3:46:43.28Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
4/3/2020 - 3:46:43.28Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
4/3/2020 - 3:46:43.28Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
4/3/2020 - 3:46:43.122Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
4/3/2020 - 3:46:43.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
4/3/2020 - 3:46:43.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
4/3/2020 - 3:46:43.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
4/3/2020 - 3:46:43.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
4/3/2020 - 3:46:43.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
4/3/2020 - 3:46:43.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
4/3/2020 - 3:46:43.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
4/3/2020 - 3:46:43.309Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
4/3/2020 - 3:46:43.309Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
4/3/2020 - 3:46:43.309Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
4/3/2020 - 3:46:43.309Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
4/3/2020 - 3:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
4/3/2020 - 3:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
4/3/2020 - 3:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
4/3/2020 - 3:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
4/3/2020 - 3:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
4/3/2020 - 3:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
4/3/2020 - 3:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
4/3/2020 - 3:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
4/3/2020 - 3:46:43.731Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
4/3/2020 - 3:46:43.731Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
4/3/2020 - 3:46:43.731Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
4/3/2020 - 3:46:43.731Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
4/3/2020 - 3:46:43.872Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
4/3/2020 - 3:46:43.872Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
4/3/2020 - 3:46:43.872Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
4/3/2020 - 3:46:43.872Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
4/3/2020 - 3:46:43.965Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
4/3/2020 - 3:46:43.965Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
4/3/2020 - 3:46:43.965Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.12Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.59Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.106Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
4/3/2020 - 3:46:44.106Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.153Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.200Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.247Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.293Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.340Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.387Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.434Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
4/3/2020 - 3:46:44.434Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
4/3/2020 - 3:46:44.434Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
4/3/2020 - 3:46:44.434Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
4/3/2020 - 3:46:44.575Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:44.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:44.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:44.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:44.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
4/3/2020 - 3:46:44.950Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
4/3/2020 - 3:46:45.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:45.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:45.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:45.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:45.965Open1480C:\malware.exeC:\dwmapi.dll
4/3/2020 - 3:46:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
4/3/2020 - 3:46:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
4/3/2020 - 3:46:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:46.12Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
4/3/2020 - 3:46:46.12Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
4/3/2020 - 3:46:46.12Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 3:46:46.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/3/2020 - 3:46:46.12Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/3/2020 - 3:46:46.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
4/3/2020 - 3:46:46.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/3/2020 - 3:46:46.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
4/3/2020 - 3:46:46.12Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
4/3/2020 - 3:48:9.762Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 3:48:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:48:9.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:48:9.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:48:9.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:48:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll
4/3/2020 - 3:48:10.90Open1480C:\malware.exeC:\winhttp.dll
4/3/2020 - 3:48:10.90Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
4/3/2020 - 3:48:10.90Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
4/3/2020 - 3:48:10.90Open1480C:\malware.exeC:\webio.dll
4/3/2020 - 3:48:10.90Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
4/3/2020 - 3:48:10.90Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
4/3/2020 - 3:48:10.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.137Open1480C:\malware.exeC:\cryptsp.dll
4/3/2020 - 3:48:10.137Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
4/3/2020 - 3:48:10.137Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
4/3/2020 - 3:48:10.137Open1480C:\malware.exeC:\credssp.dll
4/3/2020 - 3:48:10.137Open1480C:\malware.exeC:\Windows\SysWOW64\credssp.dll
4/3/2020 - 3:48:10.137Open1480C:\malware.exeC:\Windows\SysWOW64\credssp.dll
4/3/2020 - 3:48:10.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.231Open1480C:\malware.exeC:\IPHLPAPI.DLL
4/3/2020 - 3:48:10.231Open1480C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
4/3/2020 - 3:48:10.231Open1480C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
4/3/2020 - 3:48:10.231Open1480C:\malware.exeC:\WINNSI.DLL
4/3/2020 - 3:48:10.231Open1480C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
4/3/2020 - 3:48:10.231Open1480C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
4/3/2020 - 3:48:10.231Open1480C:\malware.exeC:\dhcpcsvc6.DLL
4/3/2020 - 3:48:10.231Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
4/3/2020 - 3:48:10.231Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
4/3/2020 - 3:48:10.231Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
4/3/2020 - 3:48:10.231Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
4/3/2020 - 3:48:10.278Open1480C:\malware.exeC:\dhcpcsvc.DLL
4/3/2020 - 3:48:10.278Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
4/3/2020 - 3:48:10.278Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
4/3/2020 - 3:48:10.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\CRYPTSP.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\RpcRtRemote.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
4/3/2020 - 3:48:10.559Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
4/3/2020 - 3:48:10.559Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
4/3/2020 - 3:48:10.559Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
4/3/2020 - 3:48:10.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.606Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
4/3/2020 - 3:48:10.606Open1480C:\malware.exeC:\DNSAPI.dll
4/3/2020 - 3:48:10.606Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
4/3/2020 - 3:48:10.606Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
4/3/2020 - 3:48:10.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:10.747Open1480C:\malware.exeC:\rasadhlp.dll
4/3/2020 - 3:48:10.747Open1480C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
4/3/2020 - 3:48:10.747Open1480C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
4/3/2020 - 3:48:13.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.75Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
4/3/2020 - 3:48:13.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
4/3/2020 - 3:48:13.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
4/3/2020 - 3:48:13.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
4/3/2020 - 3:48:13.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
4/3/2020 - 3:48:13.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xueyqfwsascxz.exexueyqfwsascxz.exe
4/3/2020 - 3:48:13.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xueyqfwsascxz.exe
4/3/2020 - 3:48:13.106Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles\xueyqfwsascxz.exe
4/3/2020 - 3:48:13.106Unknown1480C:\malware.exeC:\Monitor\Files\DeletedFiles\xueyqfwsascxz.exexueyqfwsascxz.exe
4/3/2020 - 3:48:13.106Delete1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xueyqfwsascxz.exexueyqfwsascxz.exe
4/3/2020 - 3:48:13.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xueyqfwsascxz.exexueyqfwsascxz.exe
4/3/2020 - 3:48:13.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.122Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.122Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.122Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 3:48:13.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\Windows\assembly\GAC\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.dll
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources.exe
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.exe
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
4/3/2020 - 3:48:13.137Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
4/3/2020 - 3:48:13.153Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 3:48:13.153Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:48:13.153Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:48:13.153Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:48:13.153Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:48:13.153Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
4/3/2020 - 3:48:13.153Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
4/3/2020 - 3:48:13.153Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
4/3/2020 - 3:48:13.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:48:13.231Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
4/3/2020 - 3:48:13.278Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.278Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
4/3/2020 - 3:48:13.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.325Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.372Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.418Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.465Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
4/3/2020 - 3:48:13.512Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 3:48:13.512Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:48:13.512Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:48:13.512Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 3:48:13.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
4/3/2020 - 3:48:13.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
4/3/2020 - 3:46:0.450    Write    1480    C:\malware.exe    HKCU\Software\Microsoft\GDIPlusFontCachePath
4/3/2020 - 3:48:9.637    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32EnableFileTracing
4/3/2020 - 3:48:9.637    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32EnableConsoleTracing
4/3/2020 - 3:48:9.637    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32FileTracingMask
4/3/2020 - 3:48:9.637    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32ConsoleTracingMask
4/3/2020 - 3:48:9.637    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32MaxFileSize
4/3/2020 - 3:48:9.637    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32FileDirectory
4/3/2020 - 3:48:9.747    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSEnableFileTracing
4/3/2020 - 3:48:9.747    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSEnableConsoleTracing
4/3/2020 - 3:48:9.747    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSFileTracingMask
4/3/2020 - 3:48:9.747    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSConsoleTracingMask
4/3/2020 - 3:48:9.747    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSMaxFileSize
4/3/2020 - 3:48:9.747    Write    1480    C:\malware.exe    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSFileDirectory

File Summary
Created
Identified: False

Deleted
Identified: True

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query
localhost -> gateway:50273  kyyapi.net.
localhost -> gateway:DNS  kyyapi.net.

Response

TCP
Info

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
False

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 61.16%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 95.84%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.50%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 42.24%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.86%
suspicious: False
