Report #8541

  • Creation Date: March 3, 2020, 4:37 p.m.
  • Last Update: March 4, 2020, 4:47 a.m.
  • File: CopiaCheques_.exe
  • Results:
Binary
DLL
False
Size
635.88KB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
a71931090d30ee95868050b9a4c70c9a
sha1
c5c229a9bab1c77424f373e4cb1f477ace7476c1
crc32
0xf2ef528
sha224
8c413eaa0dc13fa9ff385051de241c77268bcba679f8e828462cdc47
sha256
eed8dfdbc7c14c6d1a94cabe5df69d154667f46f5de0fde844335bf061990000
sha384
726c13d866b1f26fd4b270b53a43d4e0ff6a53d977b931b3f8f6a894bd016a82d573c76551ba1cf114d449947e5cf873
sha512
50d90dc79ba489b56a912de9d472ec9cc7376bf7b03d5e0b1b23d8807499bc67673f8535f6dab02fb7229eb975b7467aac16a835fba56d68ebb7347221cfbac1
ssdeep
12288:YIuw7QbrkQ0jqMqaEZeW6xLa26MFRS8ysepmiJbbClWLI4RMcIaPTkfj5gRrr5F5:Vuw7ioQ0+g+MxLa5MLRcn5
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, HasDigitalSignature, Microsoft_Visual_Studio_NET_additional, screenshot, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, HasOverlay, NET_executable_, url, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 634 KB, 235.png, 587 B, 237.png, 524 B, 238.png, 769 B, 240.png, 374 B, 241.png, 707 B, 243.png, 706 B, 244.png, 578 B, 246.png, 661 B, 247.png, 512 B, 249.png, 666 B, 250.png, 817 B, 252.png, 529 B, 254.png, 257 KB, 769.png, 28 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed
Suspicious: 1.4.3.6, 0, Unknown
hasAllowed: False
hasSuspicious: True

URLs
Allowed: http://www.w3.org/2001/xmlschema-instance
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Files
Allowed: kernel32.dll, mscoree.dll, dwmapi.dll, gdi32.dll, UxTheme.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 103936
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 711537
Suspicious: False

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 552686
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: kernel32.dll, mscoree.dll, dwmapi.dll, gdi32.dll, uxtheme.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2015-06-01 01:13:30
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 115
.text: 182

pushpopmath
.rsrc: 33
.text: 101

ss register
.text: 5

garbagebytes
.rsrc: 18
.text: 63

hookdetection
.text: 3

software breakpoint
.rsrc: 1
.text: 6

fakeconditionaljumps
.text: 3

programcontrolflowchange
.rsrc: 18
.text: 60

cpuinstructionsresultscomparison
.rsrc: 3
.text: 28

AVclass
agen
1
VirusTotal
md5
a71931090d30ee95868050b9a4c70c9a
sha1
c5c229a9bab1c77424f373e4cb1f477ace7476c1
SCANS (DETECTION RATE = 73.97%)
AVG
result: MSIL:Agent-CZR [Trj]
update: 20190604
version: 18.4.3895.0
detected: True

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20190605
version: 2018.9.12.1
detected: True

APEX
result: Malicious
update: 20190604
version: 5.24
detected: True

Bkav
update: 20190604
version: 1.3.0.10239
detected: False

K7GW
result: Trojan ( 004c3e0c1 )
update: 20190604
version: 11.48.31122
detected: True

ALYac
result: Trojan.GenericKD.2455944
update: 20190604
version: 1.1.1.5
detected: True

Avira
result: HEUR/AGEN.1007998
update: 20190604
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
result: W32/Trojan.ELXJ-7190
update: 20190604
version: 6.2.0.1
detected: True

DrWeb
result: Trojan.DownLoader13.57326
update: 20190604
version: 7.0.34.11020
detected: True

GData
result: Trojan.GenericKD.2455944
update: 20190604
version: A:25.22251B:25.15242
detected: True

Panda
result: Trj/CI.A
update: 20190604
version: 4.6.4.2
detected: True

VBA32
update: 20190604
version: 4.0.0
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
version: None
detected: True

Zoner
update: 20190604
version: 1.0
detected: False

ClamAV
result: Win.Dropper.Generic-6503184-0
update: 20190604
version: 0.101.2.0
detected: True

Comodo
result: Malware@#skz6rz205im0
update: 20190604
version: 30972
detected: True

F-Prot
update: 20190604
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.MSIL.Crypt
update: 20190604
version: 0.1.5.2
detected: True

McAfee
result: RDN/Spybot.worm.gen
update: 20190605
version: 6.0.6.653
detected: True

Rising
result: Trojan.Generic!8.C3 (CLOUD)
update: 20190604
version: 25.0.0.24
detected: True

Sophos
result: Mal/Generic-S
update: 20190604
version: 4.98.0
detected: True

Yandex
result: Trojan.Inject!PgiFmDtQJDE
update: 20190604
version: 5.5.2.24
detected: True

Zillya
result: Trojan.Inject.Win32.172526
update: 20190604
version: 2.0.0.3825
detected: True

Acronis
update: 20190604
version: 1.0.1.51
detected: False

Alibaba
result: Trojan:MSIL/Kryptik.bc646a37
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D257988
update: 20190604
version: 1.0.0.846
detected: True

Babable
update: 20190424
version: 9107201
detected: False

Cylance
result: Unsafe
update: 20190605
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20190522
version: 3.0.12
detected: True

FireEye
result: Generic.mg.a71931090d30ee95
update: 20190605
version: 29.7.0.0
detected: True

TACHYON
update: 20190604
version: 2019-06-04.02
detected: False

Tencent
result: Msil.Trojan.Inject.Lknh
update: 20190605
version: 1.0.0.1
detected: True

ViRobot
result: Trojan.Win32.Z.Inject.651136
update: 20190604
version: 2014.3.20.0
detected: True

Webroot
result: W32.Trojan.GenKD
update: 20190605
version: 1.0.0.403
detected: True

eGambit
result: Generic.Malware
update: 20190605
version: v4.3.6
detected: True

Ad-Aware
result: Trojan.GenericKD.2455944
update: 20190604
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.MSIL.Inject.4!c
update: 20190604
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.2455944 (B)
update: 20190604
version: 2018.4.0.1029
detected: True

F-Secure
result: Heuristic.HEUR/AGEN.1007998
update: 20190605
version: 12.0.86.52
detected: True

Fortinet
result: MSIL/Kryptik.CEH!tr
update: 20190604
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20190525
version: 6.3.6.26157
detected: True

Jiangmin
update: 20190529
version: 16.0.100
detected: False

Kingsoft
update: 20190605
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20190605
version: 1.0
detected: True

Symantec
result: Infostealer.Limitail
update: 20190604
version: 1.9.0.0
detected: True

Trapmine
result: suspicious.low.ml.score
update: 20190522
version: 3.1.62.789
detected: True

AhnLab-V3
result: Trojan/Win32.Inject.R152210
update: 20190604
version: 3.15.2.24317
detected: True

Antiy-AVL
result: Trojan/MSIL.Inject
update: 20190604
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan.Win32.Generic
update: 20190604
version: 15.0.1.13
detected: True

MaxSecure
result: Trojan.Malware.8436785.susgen
update: 20190604
version: 1.0.0.1
detected: True

Microsoft
result: PUA:Win32/Creprote
update: 20190604
version: 1.1.16000.6
detected: True

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20190605
version: 1.0.0.1120
detected: True

TheHacker
update: 20190601
version: 6.8.0.5.4249
detected: False

Trustlook
update: 20190605
version: 1.0
detected: False

ZoneAlarm
result: HEUR:Trojan.Win32.Generic
update: 20190604
version: 1.0
detected: True

Cybereason
result: malicious.90d30e
update: 20190417
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of MSIL/Kryptik.CEG
update: 20190604
version: 19469
detected: True

TrendMicro
result: TROJ_GEN.R007C0GEC19
update: 20190605
version: 10.0.0.1040
detected: True

BitDefender
result: Trojan.GenericKD.2455944
update: 20190604
version: 7.2
detected: True

CrowdStrike
update: 20190212
version: 1.0
detected: False

K7AntiVirus
result: Trojan ( 004c3e0c1 )
update: 20190529
version: 11.46.31063
detected: True

SentinelOne
update: 20190604
version: 1.0.27.333
detected: False

Avast-Mobile
update: 20190604
version: 190604-04
detected: False

Malwarebytes
result: Trojan.Stealer.DHA
update: 20190604
version: 2.1.1.1115
detected: True

TotalDefense
update: 20190604
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20190604
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Win32.Inject.dsovwa
update: 20190604
version: 1.0.134.24826
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.2455944
update: 20190604
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190604
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: RDN/Spybot.worm.gen
update: 20190604
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R007C0GEC19
update: 20190604
version: 10.0.0.1040
detected: True

total
73
sha256
eed8dfdbc7c14c6d1a94cabe5df69d154667f46f5de0fde844335bf061990000
scan_id
eed8dfdbc7c14c6d1a94cabe5df69d154667f46f5de0fde844335bf061990000-1559694215
resource
a71931090d30ee95868050b9a4c70c9a
positives
54
scan_date
2019-06-05 00:23:35
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
4/3/2020 - 3:45:45.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
4/3/2020 - 3:45:45.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
4/3/2020 - 3:45:45.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
4/3/2020 - 3:45:45.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
4/3/2020 - 3:45:45.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
4/3/2020 - 3:45:45.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
4/3/2020 - 3:45:45.809Unknown1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:45.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
4/3/2020 - 3:45:45.809Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
4/3/2020 - 3:45:45.809Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
4/3/2020 - 3:45:45.809Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
4/3/2020 - 3:45:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
4/3/2020 - 3:45:45.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
4/3/2020 - 3:45:45.887Open1480C:\malware.exeC:\malware.config
4/3/2020 - 3:45:45.887Open1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:45.887Unknown1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:45.887Open1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:45.887Unknown1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:45.887Open1480C:\malware.exeC:\Monitor\Malware
4/3/2020 - 3:45:45.887Unknown1480C:\malware.exeC:\Monitor\Malware
4/3/2020 - 3:45:45.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.887Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
4/3/2020 - 3:45:45.903Open1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:45.903Unknown1480C:\malware.exeC:\malware.exe
4/3/2020 - 3:45:45.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:45.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/3/2020 - 3:45:45.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/3/2020 - 3:45:45.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
4/3/2020 - 3:45:45.918Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 3:45:45.918Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:45:45.918Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:45:45.918Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
4/3/2020 - 3:45:46.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:46.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:47.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.28Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
4/3/2020 - 3:45:49.28Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
4/3/2020 - 3:45:49.28Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/3/2020 - 3:45:49.28Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:49.28Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
4/3/2020 - 3:45:49.28Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:49.28Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:49.28Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:49.28Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:49.28Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 3:45:49.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.75Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:49.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:49.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:49.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:49.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.403Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.497Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.590Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.637Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.684Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:49.684Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 3:45:49.684Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.778Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.825Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:49.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:49.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:45:50.12Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:50.12Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:50.12Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:50.12Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 3:45:50.12Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:50.12Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:45:50.106Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/3/2020 - 3:45:50.247Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.247Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
4/3/2020 - 3:45:50.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:50.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:51.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:51.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:51.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:51.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:51.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:51.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:45:51.325Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
4/3/2020 - 3:45:51.465Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.465Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
4/3/2020 - 3:45:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:45:51.934Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
4/3/2020 - 3:45:52.75Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:52.75Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
4/3/2020 - 3:45:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:52.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:52.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:45:52.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.559Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
4/3/2020 - 3:46:2.559Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
4/3/2020 - 3:46:2.606Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
4/3/2020 - 3:46:2.653Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
4/3/2020 - 3:46:2.700Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
4/3/2020 - 3:46:2.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:2.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:2.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:3.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:3.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:3.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:3.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:3.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:3.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:3.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:3.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:3.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:4.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:4.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:4.434Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
4/3/2020 - 3:46:4.434Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 3:46:4.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/3/2020 - 3:46:4.434Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/3/2020 - 3:46:4.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
4/3/2020 - 3:46:4.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
4/3/2020 - 3:46:4.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\ShFolder.DLL
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:4.481Unknown1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:4.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:4.481Unknown1480C:\malware.exeC:\Users\Behemot
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:4.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:4.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:4.481Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:4.481Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
4/3/2020 - 3:46:4.497Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:4.497Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:4.497Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:4.497Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
4/3/2020 - 3:46:4.497Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:4.497Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:4.497Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:4.590Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
4/3/2020 - 3:46:4.684Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:4.684Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:4.684Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:5.247Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:5.668Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:5.715Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:5.762Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
4/3/2020 - 3:46:5.762Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:5.762Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:5.762Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:5.903Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
4/3/2020 - 3:46:5.950Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:5.950Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:5.950Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:6.43Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
4/3/2020 - 3:46:6.90Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
4/3/2020 - 3:46:32.293Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
4/3/2020 - 3:46:32.434Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
4/3/2020 - 3:46:32.575Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
4/3/2020 - 3:46:32.575Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
4/3/2020 - 3:46:32.575Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
4/3/2020 - 3:46:32.668Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
4/3/2020 - 3:46:32.668Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
4/3/2020 - 3:46:32.668Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
4/3/2020 - 3:46:32.668Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
4/3/2020 - 3:46:32.762Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
4/3/2020 - 3:46:32.762Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
4/3/2020 - 3:46:32.762Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
4/3/2020 - 3:46:32.762Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
4/3/2020 - 3:46:32.856Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
4/3/2020 - 3:46:32.856Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
4/3/2020 - 3:46:32.856Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
4/3/2020 - 3:46:32.856Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
4/3/2020 - 3:46:32.950Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
4/3/2020 - 3:46:32.950Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
4/3/2020 - 3:46:32.950Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
4/3/2020 - 3:46:32.950Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
4/3/2020 - 3:46:33.43Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
4/3/2020 - 3:46:33.43Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
4/3/2020 - 3:46:33.43Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
4/3/2020 - 3:46:33.43Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
4/3/2020 - 3:46:33.184Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
4/3/2020 - 3:46:33.184Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
4/3/2020 - 3:46:33.184Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
4/3/2020 - 3:46:33.184Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
4/3/2020 - 3:46:33.278Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
4/3/2020 - 3:46:33.278Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
4/3/2020 - 3:46:33.278Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
4/3/2020 - 3:46:33.278Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
4/3/2020 - 3:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
4/3/2020 - 3:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
4/3/2020 - 3:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
4/3/2020 - 3:46:33.372Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
4/3/2020 - 3:46:33.465Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
4/3/2020 - 3:46:33.465Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
4/3/2020 - 3:46:33.465Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
4/3/2020 - 3:46:33.465Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
4/3/2020 - 3:46:33.512Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
4/3/2020 - 3:46:33.512Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
4/3/2020 - 3:46:33.512Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
4/3/2020 - 3:46:33.512Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
4/3/2020 - 3:46:33.606Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
4/3/2020 - 3:46:33.606Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
4/3/2020 - 3:46:33.606Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
4/3/2020 - 3:46:33.606Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
4/3/2020 - 3:46:33.700Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
4/3/2020 - 3:46:33.700Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
4/3/2020 - 3:46:33.700Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
4/3/2020 - 3:46:33.700Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
4/3/2020 - 3:46:33.981Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 3:46:34.75Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 3:46:34.356Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 3:46:34.450Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 3:46:34.450Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 3:46:34.450Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 3:46:34.731Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 3:46:34.825Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 3:46:34.825Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 3:46:34.825Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 3:46:34.918Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 3:46:34.918Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 3:46:34.918Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 3:46:34.918Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 3:46:35.12Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 3:46:35.12Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 3:46:35.12Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 3:46:35.12Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 3:46:35.106Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 3:46:35.106Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 3:46:35.106Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 3:46:35.106Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 3:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 3:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 3:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 3:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 3:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 3:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 3:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 3:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 3:46:35.387Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 3:46:35.387Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 3:46:35.387Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 3:46:35.387Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 3:46:35.481Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 3:46:35.481Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 3:46:35.481Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 3:46:35.481Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 3:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 3:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 3:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 3:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 3:46:35.668Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 3:46:35.668Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 3:46:35.668Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 3:46:35.668Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 3:46:35.762Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 3:46:35.762Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 3:46:35.762Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 3:46:35.762Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 3:46:35.856Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 3:46:35.856Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 3:46:35.856Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 3:46:35.856Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 3:46:35.950Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 3:46:35.950Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 3:46:35.950Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 3:46:35.950Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 3:46:36.43Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 3:46:36.43Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 3:46:36.43Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 3:46:36.43Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 3:46:36.137Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 3:46:36.137Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 3:46:36.137Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 3:46:36.137Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 3:46:36.231Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 3:46:36.231Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 3:46:36.231Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 3:46:36.231Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 3:46:36.325Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 3:46:36.325Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 3:46:36.325Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 3:46:36.325Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 3:46:36.418Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 3:46:36.418Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 3:46:36.418Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 3:46:36.418Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 3:46:36.512Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 3:46:36.512Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 3:46:36.512Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 3:46:36.512Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 3:46:36.606Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 3:46:36.606Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 3:46:36.606Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 3:46:36.606Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 3:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 3:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 3:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 3:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 3:46:36.793Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 3:46:36.793Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 3:46:36.793Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 3:46:36.793Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 3:46:36.887Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 3:46:36.887Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 3:46:36.887Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 3:46:36.887Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 3:46:36.981Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 3:46:36.981Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 3:46:36.981Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 3:46:36.981Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 3:46:37.75Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 3:46:37.75Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 3:46:37.75Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 3:46:37.75Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 3:46:37.168Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 3:46:37.168Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 3:46:37.168Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 3:46:37.168Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 3:46:37.262Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 3:46:37.262Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 3:46:37.262Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 3:46:37.262Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 3:46:37.356Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 3:46:37.356Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 3:46:37.356Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 3:46:37.356Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 3:46:37.450Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 3:46:37.450Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 3:46:37.450Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 3:46:37.450Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 3:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 3:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 3:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 3:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 3:46:37.637Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 3:46:37.637Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 3:46:37.637Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 3:46:37.637Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 3:46:37.731Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 3:46:37.825Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 3:46:37.825Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 3:46:37.825Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 3:46:37.825Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 3:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 3:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 3:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 3:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 3:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 3:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 3:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 3:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 3:46:38.106Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 3:46:38.106Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 3:46:38.106Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 3:46:38.106Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 3:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 3:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 3:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 3:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:38.481Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 3:46:38.481Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:38.481Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:38.481Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 3:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:38.668Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
4/3/2020 - 3:46:38.668Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:38.668Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:38.668Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
4/3/2020 - 3:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:38.856Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
4/3/2020 - 3:46:38.856Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:38.856Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:38.856Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
4/3/2020 - 3:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:39.231Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
4/3/2020 - 3:46:39.372Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:39.372Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:39.372Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
4/3/2020 - 3:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
4/3/2020 - 3:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:39.559Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
4/3/2020 - 3:46:39.747Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:39.747Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:39.747Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:39.887Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
4/3/2020 - 3:46:40.75Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:40.75Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:40.75Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:40.215Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
4/3/2020 - 3:46:40.403Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:40.403Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:40.403Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:40.543Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
4/3/2020 - 3:46:40.731Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:40.731Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:40.731Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:41.59Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:41.293Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
4/3/2020 - 3:46:41.575Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:41.575Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:41.575Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:41.715Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
4/3/2020 - 3:46:41.950Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:41.950Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:41.950Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:42.90Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
4/3/2020 - 3:46:42.418Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:42.418Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:42.418Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:42.559Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
4/3/2020 - 3:46:42.793Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:42.793Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:42.793Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
4/3/2020 - 3:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
4/3/2020 - 3:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:42.981Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:43.75Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
4/3/2020 - 3:46:43.75Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:43.75Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:43.75Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
4/3/2020 - 3:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
4/3/2020 - 3:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:43.262Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
4/3/2020 - 3:46:43.262Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:43.262Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:43.262Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:43.403Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
4/3/2020 - 3:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:43.450Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
4/3/2020 - 3:46:43.637Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:43.637Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:43.637Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:43.778Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
4/3/2020 - 3:46:43.825Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:43.825Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:43.825Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:43.965Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
4/3/2020 - 3:46:44.12Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:44.12Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:44.12Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:44.106Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
4/3/2020 - 3:46:44.200Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:44.200Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:44.200Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:44.293Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
4/3/2020 - 3:46:44.387Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:44.387Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:44.387Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:44.481Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
4/3/2020 - 3:46:44.575Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:44.575Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:44.575Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:44.668Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
4/3/2020 - 3:46:44.762Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:44.762Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:44.762Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:44.856Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
4/3/2020 - 3:46:44.903Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:44.903Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:44.903Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:44.997Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
4/3/2020 - 3:46:45.43Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:45.43Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:45.43Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:45.137Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
4/3/2020 - 3:46:45.184Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:45.184Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:45.184Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:45.278Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
4/3/2020 - 3:46:45.325Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:45.325Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:45.325Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:45.418Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
4/3/2020 - 3:46:45.418Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:45.418Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:45.418Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
4/3/2020 - 3:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:45.653Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
4/3/2020 - 3:46:47.247Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:47.247Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:47.247Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:47.340Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
4/3/2020 - 3:46:47.340Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:47.340Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:47.340Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:47.434Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
4/3/2020 - 3:46:47.434Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:47.434Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:47.434Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:47.528Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
4/3/2020 - 3:46:47.528Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:47.528Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:47.528Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:47.622Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
4/3/2020 - 3:46:47.622Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:47.622Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:47.622Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:47.762Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
4/3/2020 - 3:46:55.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:55.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:55.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:55.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:55.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:56.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:56.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:56.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:56.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:56.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:56.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:56.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
4/3/2020 - 3:46:56.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
4/3/2020 - 3:46:56.372Open1480C:\malware.exeC:\shfolder.dll
4/3/2020 - 3:46:56.372Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:56.372Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
4/3/2020 - 3:46:56.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 3:46:56.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:56.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:56.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 3:46:56.653Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
4/3/2020 - 3:46:56.653Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
4/3/2020 - 3:46:56.747Open1480C:\malware.exeC:\imageres.dll
4/3/2020 - 3:46:56.747Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
4/3/2020 - 3:46:56.747Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
4/3/2020 - 3:46:56.981Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
4/3/2020 - 3:46:56.981Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
4/3/2020 - 3:46:56.981Open1480C:\malware.exeC:\Windows\SysWOW64\pt\imageres.dll.mui
4/3/2020 - 3:46:56.981Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
4/3/2020 - 3:46:56.981Read1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
4/3/2020 - 3:45:45.684 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
4/3/2020 - 3:45:45.684 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
4/3/2020 - 3:45:45.684 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
4/3/2020 - 3:45:45.684 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
4/3/2020 - 3:45:45.684 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
4/3/2020 - 3:46:4.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\GDIPlus | FontCachePath

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 72.87%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 80.74%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 56.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 83.47%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 90.30%
suspicious: True
