Report #8540

  • Creation Date: March 3, 2020, 4:37 p.m.
  • Last Update: March 4, 2020, 4:43 a.m.
  • File: CopiaCheques.exe
  • Results:
Binary
DLL
False
Size
479.02KB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
8158fbefc24c9897179429262370938b
sha1
a676e6e0c1f86d0f580b2a1feb9a8a88eae2b054
crc32
0xc121dced
sha224
6c68f8be3c0b4f2af536bf31ce08412ffdec239c81f1cab9e804a1f9
sha256
88b19dd66861f517e46b0cb7e98dc5f074b70d05bf8a21bf1c5b4fd05e658e0e
sha384
aeb584eb3366004a7692a795c2a0ac1791e7301594fcab3c4297c38122a43cb8a97452b74471f367e7d40e224f5e69d7
sha512
da2d484cd2c84b75cf6a452bc19d0d0a96df8cbfc01937143cbcb6bb38ef5731c846151ac3051fc20efca6115fc757f9051d1e9800d49ec83872549aaedcd904
ssdeep
12288:Rk8kfkxaVYxnX7Nccz49LeB3KkI72DQImH80DG//:RkHkxa6dhc406Bt
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, HasDigitalSignature, Microsoft_Visual_Studio_NET_additional, screenshot, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, HasOverlay, NET_executable_, url, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 477 KB, 39.png, 240 KB, 522.png, 86 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed
Suspicious: 4.3.5.6, 0, Unknown
hasAllowed: False
hasSuspicious: True

URLs
Allowed: http://www.w3.org/2001/xmlschema-instance
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Files
Allowed: dwmapi.dll, gdi32.dll, UxTheme.dll, mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 71680
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 519828
Suspicious: False

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 424574
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: dwmapi.dll, gdi32.dll, uxtheme.dll, mscoree.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2015-04-02 06:39:01
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 162

pushpopmath
.text: 109

ss register
.text: 3

garbagebytes
.text: 57

hookdetection
.text: 9

software breakpoint
.text: 4

fakeconditionaljumps
.text: 4

programcontrolflowchange
.text: 53

cpuinstructionsresultscomparison
.text: 1

AVclass
banload
1
VirusTotal
md5
8158fbefc24c9897179429262370938b
sha1
a676e6e0c1f86d0f580b2a1feb9a8a88eae2b054
SCANS (DETECTION RATE = 73.85%)
AVG
result: Win32:Broban-AR [Trj]
update: 20180324
version: 18.2.3827.0
detected: True

CMC
update: 20180323
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20180324
version: 2017.11.15.1
detected: True

Bkav
update: 20180322
version: 1.3.0.9466
detected: False

K7GW
result: Trojan-Downloader ( 004ba1691 )
update: 20180323
version: 10.42.26598
detected: True

ALYac
result: Trojan.GenericKD.2270178
update: 20180323
version: 1.1.1.5
detected: True

Avast
result: Win32:Broban-AR [Trj]
update: 20180324
version: 18.2.3827.0
detected: True

Avira
result: TR/Dldr.Banload.490512
update: 20180323
version: 8.3.3.6
detected: True

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9999
update: 20180323
version: 1.0.0.2
detected: True

Cyren
result: W32/Backdoor.KMEB-7595
update: 20180324
version: 5.4.30.7
detected: True

DrWeb
result: Trojan.DownLoader12.55445
update: 20180324
version: 7.0.28.2020
detected: True

GData
result: Win32.Trojan.Agent.PSWXUL
update: 20180324
version: A:25.16483B:25.11862
detected: True

Panda
result: Trj/Agent.IVN
update: 20180323
version: 4.6.4.2
detected: True

VBA32
result: TrojanDownloader.MSIL.Banload
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180324
version: 65482
detected: True

Zoner
update: 20180324
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180324
version: 1.5.0.42
detected: True

ClamAV
update: 20180323
version: 0.99.2.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180323
version: 28733
detected: True

F-Prot
result: W32/Backdoor2.HXYR
update: 20180324
version: 4.7.1.166
detected: True

Ikarus
result: Trojan-Downloader.Win32.Banload
update: 20180323
version: 0.1.5.2
detected: True

McAfee
result: Generic.wd
update: 20180324
version: 6.0.6.653
detected: True

Rising
result: Trojan.DL.Win32.Banload.gdq (CLASSIC)
update: 20180324
version: 25.0.0.1
detected: True

Sophos
result: Mal/Generic-L
update: 20180323
version: 4.98.0
detected: True

Yandex
result: Trojan.DL.Banload!okkUic/zFWs
update: 20180323
version: 5.5.1.3
detected: True

Zillya
result: Downloader.Banload.Win32.61107
update: 20180323
version: 2.0.0.3519
detected: True

Arcabit
result: Trojan.Generic.D22A3E2
update: 20180324
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180324
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True

Tencent
result: Win32.Trojan.Falsesign.Dxwi
update: 20180324
version: 1.0.0.1
detected: True

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False

eGambit
update: 20180324
version: v4.3.5
detected: False

Ad-Aware
result: Trojan.GenericKD.2270178
update: 20180324
version: 3.0.3.1010
detected: True

AegisLab
result: Troj.Downloader.Msil.Banload!c
update: 20180323
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.2270178 (B)
update: 20180324
version: 4.0.2.899
detected: True

F-Secure
result: Trojan.GenericKD.2270178
update: 20180324
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Banload.SJG!tr.dldr
update: 20180324
version: 5.4.247.0
detected: True

Invincea
update: 20180121
version: 6.3.4.26036
detected: False

Jiangmin
update: 20180324
version: 16.0.100
detected: False

Kingsoft
update: 20180324
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180324
version: 1.0
detected: True

Symantec
result: Trojan.Gen.2
update: 20180323
version: 1.5.0.0
detected: True

nProtect
update: 20180323
version: 2018-03-23.02
detected: False

AhnLab-V3
result: Spyware/Win32.Limitail.R141248
update: 20180323
version: 3.12.0.20130
detected: True

Antiy-AVL
update: 20180323
version: 3.0.0.1
detected: False

Kaspersky
result: Trojan-Downloader.MSIL.Banload.arc
update: 20180323
version: 15.0.1.13
detected: True

Microsoft
result: TrojanDownloader:MSIL/Banload
update: 20180324
version: 1.1.14600.4
detected: True

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False

ZoneAlarm
result: Trojan-Downloader.MSIL.Banload.arc
update: 20180324
version: 1.0
detected: True

ESET-NOD32
result: Win32/TrojanDownloader.Banload.SJG
update: 20180323
version: 17107
detected: True

TrendMicro
result: TROJ_GEN.R002C0DJR17
update: 20180324
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180223
detected: False

BitDefender
result: Trojan.GenericKD.2270178
update: 20180324
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_80% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Trojan-Downloader ( 004ba1691 )
update: 20180323
version: 10.42.26598
detected: True

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False

Avast-Mobile
update: 20180323
version: 180323-04
detected: False

Malwarebytes
update: 20180323
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180323
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: TrojanDownloader.Banload
update: 20180323
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Dwn.dqeeec
update: 20180324
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.2270178
update: 20180324
version: 14.0.297.0
detected: True

SUPERAntiSpyware
result: Trojan.Agent/Gen-Banload
update: 20180323
version: 5.6.0.1032
detected: True

McAfee-GW-Edition
result: Generic.wd
update: 20180323
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DJR17
update: 20180324
version: 9.950.0.1006
detected: True

total
65
sha256
88b19dd66861f517e46b0cb7e98dc5f074b70d05bf8a21bf1c5b4fd05e658e0e
scan_id
88b19dd66861f517e46b0cb7e98dc5f074b70d05bf8a21bf1c5b4fd05e658e0e-1521854095
resource
8158fbefc24c9897179429262370938b
positives
48
scan_date
2018-03-24 01:14:55
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
4/3/2020 - 3:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
4/3/2020 - 3:45:46.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
4/3/2020 - 3:45:46.793Open1480C:\malware.exeC:\malware.config
4/3/2020 - 3:45:46.793Open1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:46.793Unknown1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:46.793Open1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:46.840Unknown1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:46.840Open1480C:\malware.exeC:\Monitor\Malware
4/3/2020 - 3:45:46.840Unknown1480C:\malware.exeC:\Monitor\Malware
4/3/2020 - 3:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.840Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
4/3/2020 - 3:45:46.840Open1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:46.840Unknown1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.840Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/3/2020 - 3:45:46.840Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/3/2020 - 3:45:46.840Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/3/2020 - 3:45:46.856Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 3:45:46.856Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:45:46.856Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:45:46.856Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.934Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
4/3/2020 - 3:45:46.934Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
4/3/2020 - 3:45:46.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/3/2020 - 3:45:46.934Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:46.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/3/2020 - 3:45:46.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:46.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:46.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:46.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:46.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:46.981Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:46.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:47.168Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:47.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:47.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:47.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.403Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.497Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.497Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:47.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:47.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.590Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.637Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.684Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:47.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:47.731Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:47.731Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.731Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:47.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.903Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/3/2020 - 3:45:48.43Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.43Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/3/2020 - 3:45:48.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:48.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:49.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:49.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:49.122Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
4/3/2020 - 3:45:49.262Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.262Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
4/3/2020 - 3:45:49.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:49.731Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.918Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.918Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:49.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:50.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:51.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
4/3/2020 - 3:45:51.700Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
4/3/2020 - 3:45:51.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:52.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:52.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:52.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
4/3/2020 - 3:45:52.450Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
4/3/2020 - 3:45:52.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:52.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:52.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:52.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:52.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:52.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:52.825Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:46:2.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.918Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:46:2.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:3.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:3.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:3.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:3.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:3.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:3.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:4.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:4.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:5.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:5.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:5.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:5.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:5.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:5.825Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
4/3/2020 - 3:46:5.825Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
4/3/2020 - 3:46:5.965Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
4/3/2020 - 3:46:6.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:6.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:6.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:6.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:6.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:6.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:6.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:6.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:6.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:6.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:6.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:6.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:6.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:6.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:6.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:6.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:6.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:6.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:6.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:6.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:6.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:7.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
4/3/2020 - 3:46:7.43Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 3:46:7.43Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/3/2020 - 3:46:7.43Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/3/2020 - 3:46:7.43Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/3/2020 - 3:46:7.43Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/3/2020 - 3:46:7.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:7.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:7.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:7.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\ShFolder.DLL
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:7.90Unknown1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:7.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:7.90Unknown1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:7.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:7.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:7.90Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:7.90Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:7.106Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:7.168Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:7.215Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:7.215Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:7.215Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:7.215Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:7.356Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:7.403Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:7.403Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:7.403Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:7.497Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:7.543Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
4/3/2020 - 3:46:7.543Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
4/3/2020 - 3:46:7.543Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
4/3/2020 - 3:46:7.684Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
4/3/2020 - 3:46:7.731Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
4/3/2020 - 3:46:7.731Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
4/3/2020 - 3:46:7.731Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
4/3/2020 - 3:46:7.872Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
4/3/2020 - 3:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
4/3/2020 - 3:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
4/3/2020 - 3:46:7.918Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
4/3/2020 - 3:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
4/3/2020 - 3:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
4/3/2020 - 3:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
4/3/2020 - 3:46:8.12Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
4/3/2020 - 3:46:8.106Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
4/3/2020 - 3:46:8.106Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
4/3/2020 - 3:46:8.106Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
4/3/2020 - 3:46:8.106Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
4/3/2020 - 3:46:8.200Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
4/3/2020 - 3:46:8.200Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
4/3/2020 - 3:46:8.200Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
4/3/2020 - 3:46:8.200Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
4/3/2020 - 3:46:8.340Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
4/3/2020 - 3:46:8.340Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
4/3/2020 - 3:46:8.340Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
4/3/2020 - 3:46:8.340Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
4/3/2020 - 3:46:8.481Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
4/3/2020 - 3:46:8.528Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
4/3/2020 - 3:46:8.528Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
4/3/2020 - 3:46:8.528Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
4/3/2020 - 3:46:8.622Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
4/3/2020 - 3:46:8.668Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
4/3/2020 - 3:46:8.668Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
4/3/2020 - 3:46:8.668Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
4/3/2020 - 3:46:8.762Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
4/3/2020 - 3:46:8.762Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
4/3/2020 - 3:46:8.762Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
4/3/2020 - 3:46:8.762Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
4/3/2020 - 3:46:8.856Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
4/3/2020 - 3:46:8.856Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:8.856Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:8.856Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:9.418Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:9.887Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:9.934Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:9.981Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
4/3/2020 - 3:46:9.981Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
4/3/2020 - 3:46:9.981Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
4/3/2020 - 3:46:9.981Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
4/3/2020 - 3:46:10.75Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
4/3/2020 - 3:46:10.75Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
4/3/2020 - 3:46:10.75Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
4/3/2020 - 3:46:10.75Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
4/3/2020 - 3:46:10.215Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
4/3/2020 - 3:46:10.215Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
4/3/2020 - 3:46:10.215Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
4/3/2020 - 3:46:35.512Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 3:46:35.793Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 3:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 3:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 3:46:35.887Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 3:46:36.168Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 3:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 3:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 3:46:36.262Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 3:46:36.356Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 3:46:36.356Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 3:46:36.356Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 3:46:36.356Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 3:46:36.450Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 3:46:36.450Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 3:46:36.450Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 3:46:36.450Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 3:46:36.543Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 3:46:36.543Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 3:46:36.543Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 3:46:36.543Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 3:46:36.637Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 3:46:36.637Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 3:46:36.637Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 3:46:36.637Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 3:46:36.731Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 3:46:36.731Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 3:46:36.731Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 3:46:36.731Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 3:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 3:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 3:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 3:46:36.825Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 3:46:36.918Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 3:46:36.918Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 3:46:36.918Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 3:46:36.918Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 3:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 3:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 3:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 3:46:37.12Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 3:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 3:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 3:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 3:46:37.106Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 3:46:37.200Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 3:46:37.200Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 3:46:37.200Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 3:46:37.200Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 3:46:37.293Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 3:46:37.293Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 3:46:37.293Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 3:46:37.293Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 3:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 3:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 3:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 3:46:37.387Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 3:46:37.481Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 3:46:37.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 3:46:37.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 3:46:37.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 3:46:37.575Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 3:46:37.575Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 3:46:37.575Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 3:46:37.575Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 3:46:37.668Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 3:46:37.668Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 3:46:37.668Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 3:46:37.668Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 3:46:37.762Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 3:46:37.762Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 3:46:37.762Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 3:46:37.762Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 3:46:37.856Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 3:46:37.856Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 3:46:37.856Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 3:46:37.856Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 3:46:37.950Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 3:46:37.950Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 3:46:37.950Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 3:46:37.950Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 3:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 3:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 3:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 3:46:38.43Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 3:46:38.137Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 3:46:38.137Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 3:46:38.137Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 3:46:38.137Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 3:46:38.231Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 3:46:38.231Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 3:46:38.231Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 3:46:38.231Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 3:46:38.325Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 3:46:38.325Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 3:46:38.325Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 3:46:38.325Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 3:46:38.418Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 3:46:38.418Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 3:46:38.418Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 3:46:38.418Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 3:46:38.512Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 3:46:38.512Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 3:46:38.512Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 3:46:38.512Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 3:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 3:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 3:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 3:46:38.606Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 3:46:38.700Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 3:46:38.700Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 3:46:38.700Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 3:46:38.700Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 3:46:38.793Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 3:46:38.793Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 3:46:38.793Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 3:46:38.793Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 3:46:38.887Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 3:46:38.887Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 3:46:38.887Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 3:46:38.887Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 3:46:38.981Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 3:46:38.981Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 3:46:38.981Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 3:46:38.981Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 3:46:39.75Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 3:46:39.75Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 3:46:39.75Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 3:46:39.75Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 3:46:39.168Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 3:46:39.168Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 3:46:39.168Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 3:46:39.168Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 3:46:39.262Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 3:46:39.262Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 3:46:39.262Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 3:46:39.262Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 3:46:39.356Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 3:46:39.356Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 3:46:39.356Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 3:46:39.356Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 3:46:39.450Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 3:46:39.450Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 3:46:39.450Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 3:46:39.450Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 3:46:39.543Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 3:46:39.543Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 3:46:39.543Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 3:46:39.543Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 3:46:39.637Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 3:46:39.637Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:39.637Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:39.637Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:39.731Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:39.825Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:39.825Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:39.825Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:39.825Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:39.918Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:39.918Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:39.918Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:39.918Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:40.12Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:40.12Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:40.12Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:40.12Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:40.106Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:40.106Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:40.106Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:40.106Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:40.200Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:40.200Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:40.200Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:40.200Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:40.293Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:40.293Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:40.293Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:40.293Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:40.387Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:40.387Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:40.387Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:40.387Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:40.668Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:40.809Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:40.809Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:40.809Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:40.950Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:40.950Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:40.950Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:40.950Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:40.950Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:40.950Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:40.950Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:40.950Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:40.997Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:41.184Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:41.184Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:41.184Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:41.325Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:41.512Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:41.512Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:41.512Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:41.653Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:41.840Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:41.840Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:41.840Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:41.981Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:42.168Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:42.168Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:42.168Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:42.497Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:42.731Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:43.12Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:43.12Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:43.12Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:43.153Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:43.387Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:43.387Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:43.387Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:43.528Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:43.856Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:43.856Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:43.856Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:43.997Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:44.262Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:44.262Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:44.262Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:44.356Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:44.356Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:44.356Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:44.356Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:44.450Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:44.450Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:44.450Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:44.450Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:44.543Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:44.543Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:44.543Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:44.543Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:44.731Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:44.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:44.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:44.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:44.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:44.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:44.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:45.59Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:45.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:45.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:45.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:45.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:45.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:45.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:45.434Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:45.481Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:45.481Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:45.481Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:45.575Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:45.668Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:45.668Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:45.668Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:45.762Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:45.950Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:46.43Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:46.43Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:46.43Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:46.137Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:46.231Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:46.231Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:46.231Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:46.325Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:46.512Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:46.512Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:46.512Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:46.606Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:46.793Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:46.793Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:46.793Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:46.887Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:46.887Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:46.887Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:46.887Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:46.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:48.715Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:48.715Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:48.715Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:48.809Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:48.809Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:48.809Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:48.809Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:48.903Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:48.903Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:48.903Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:48.903Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:48.997Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:48.997Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:48.997Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:48.997Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:49.90Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:49.90Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:49.90Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:49.90Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:49.231Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:49.231Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
4/3/2020 - 3:46:49.231Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
4/3/2020 - 3:46:49.231Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
4/3/2020 - 3:46:49.372Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
4/3/2020 - 3:46:49.372Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
4/3/2020 - 3:46:49.372Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
4/3/2020 - 3:46:49.372Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
4/3/2020 - 3:46:49.512Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
4/3/2020 - 3:46:49.512Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
4/3/2020 - 3:46:49.512Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
4/3/2020 - 3:46:49.512Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
4/3/2020 - 3:46:49.653Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
4/3/2020 - 3:46:49.653Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
4/3/2020 - 3:46:49.653Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
4/3/2020 - 3:46:49.653Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
4/3/2020 - 3:46:49.747Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
4/3/2020 - 3:46:49.747Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
4/3/2020 - 3:46:49.747Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
4/3/2020 - 3:46:49.747Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
4/3/2020 - 3:46:49.840Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
4/3/2020 - 3:46:49.840Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
4/3/2020 - 3:46:49.840Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
4/3/2020 - 3:46:49.840Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
4/3/2020 - 3:46:49.934Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
4/3/2020 - 3:46:49.934Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
4/3/2020 - 3:46:49.934Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
4/3/2020 - 3:46:49.934Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
4/3/2020 - 3:46:50.28Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
4/3/2020 - 3:46:50.28Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
4/3/2020 - 3:46:50.28Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
4/3/2020 - 3:46:50.28Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
4/3/2020 - 3:46:50.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
4/3/2020 - 3:46:50.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
4/3/2020 - 3:46:50.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
4/3/2020 - 3:46:50.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
4/3/2020 - 3:46:50.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
4/3/2020 - 3:46:50.215Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
4/3/2020 - 3:46:50.215Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
4/3/2020 - 3:46:50.215Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
4/3/2020 - 3:46:50.356Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
4/3/2020 - 3:46:50.356Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
4/3/2020 - 3:46:50.356Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
4/3/2020 - 3:46:50.356Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
4/3/2020 - 3:46:50.497Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
4/3/2020 - 3:46:50.497Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
4/3/2020 - 3:46:50.497Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
4/3/2020 - 3:46:50.497Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
4/3/2020 - 3:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
4/3/2020 - 3:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
4/3/2020 - 3:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
4/3/2020 - 3:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
4/3/2020 - 3:46:50.778Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
4/3/2020 - 3:46:50.778Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
4/3/2020 - 3:46:50.778Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
4/3/2020 - 3:46:57.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.340Open1480C:\malware.exeC:\RpcRtRemote.dll
4/3/2020 - 3:46:57.340Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
4/3/2020 - 3:46:57.340Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
4/3/2020 - 3:46:57.340Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
4/3/2020 - 3:46:57.340Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
4/3/2020 - 3:46:57.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:57.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:58.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:58.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:58.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:58.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:58.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
4/3/2020 - 3:46:58.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:58.778Open1480C:\malware.exeC:\shfolder.dll
4/3/2020 - 3:46:58.778Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:58.778Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:58.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:58.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:58.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:58.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:59.184Open1480C:\malware.exeC:\imageres.dll
4/3/2020 - 3:46:59.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
4/3/2020 - 3:46:59.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
4/3/2020 - 3:46:59.418Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
4/3/2020 - 3:46:59.418Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
4/3/2020 - 3:46:59.418Open1480C:\malware.exeC:\Windows\SysWOW64\pt\imageres.dll.mui
4/3/2020 - 3:46:59.418Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
4/3/2020 - 3:46:59.418Read1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
4/3/2020 - 3:46:59.653Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll
4/3/2020 - 3:46:59.653Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
4/3/2020 - 3:45:46.590 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
4/3/2020 - 3:46:7.90 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\GDIPlus | FontCachePath

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 72.09%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 62.75%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 55.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 81.16%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 96.92%
suspicious: True
