Report #8564

  • Creation Date: March 3, 2020, 4:40 p.m.
  • Last Update: March 4, 2020, 6:36 a.m.
  • File: Cupom.exe
  • Results:
Binary
DLL
False
Size
73.00KB
trid
55.0% Generic CIL Executable
20.7% Win64 Executable
9.8% Windows screen saver
4.9% Win32 Dynamic Link Library
3.3% Win32 Executable
type
PE
wordsize
0
Subsystem
unknown
Hashes
md5
474f485e7f2b3c0cb7e25dcb24e4853d
sha1
a6a4acff0e8efdcbeacaa171346e3e002a8080ca
crc32
0x1db0214b
sha224
11524e53f8681e899254ab175bdd79e534a71e978e3c11e0d8bd45a4
sha256
7c054f45dc626eb9d6bc3dcb9c4b9dd217358dafa151584ad499cab72b381501
sha384
35a027ed98aa2889de1e3ad34675e85af47af501b9945e17afa15c3a3ca2b43740a19693b8874e6d2f8b8baeed7314cf
sha512
367fe266806a644ff590fc40e0016196bca0453fcb425603be467998560539170bd468613088fb345cbbce5a67c8ead20823cfa8270d2c898186d17825b61c2b
ssdeep
1536:uoxil+RFcvAlMjv1a2PweBgyWF3avOV5DH:uoxiER6SMjv1a2PweBB+amVJ
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, contentis_base64, IsNET_EXE, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, HasDebugData, NET_executable_, domain, MD5_Constants, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI, Big_Numbers1

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 73 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: file:///
hasAllowed: False
hasSuspicious: True

Files
Allowed: mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 15
Suspicious: False
Code
Size: 4096
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 15
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .sdata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 6.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 77454
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2015-08-06 02:56:34
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 3

pushpopmath
.text: 30

ss register
.text: 12

cpuinstructionsresultscomparison
.text: 41

AVclass
None
1
VirusTotal
md5
474f485e7f2b3c0cb7e25dcb24e4853d
sha1
a6a4acff0e8efdcbeacaa171346e3e002a8080ca
SCANS (DETECTION RATE = 71.43%)
AVG
result: Win32:Malware-gen
update: 20190128
version: 18.4.3895.0
detected: True

CMC
update: 20190127
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20190128
version: 2018.9.12.1
detected: True

Bkav
update: 20190125
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 700000121 )
update: 20190128
version: 11.24.29799
detected: True

ALYac
result: Trojan.MSIL.WWY
update: 20190128
version: 1.1.1.5
detected: True

Avast
result: Win32:Malware-gen
update: 20190128
version: 18.4.3895.0
detected: True

Avira
result: TR/Dldr.Bancos.267
update: 20190127
version: 8.3.3.8
detected: True

Baidu
update: 20190128
version: 1.0.0.2
detected: False

Cyren
result: W32/Agent.YNLK-7877
update: 20190128
version: 6.2.0.1
detected: True

DrWeb
result: Trojan.DownLoader15.24439
update: 20190128
version: 7.0.34.11020
detected: True

GData
result: Win32.Trojan.Agent.HCY3LV
update: 20190128
version: A:25.20363B:25.14246
detected: True

Panda
result: Trj/WLT.B
update: 20190127
version: 4.6.4.2
detected: True

VBA32
result: Trojan.Agent
update: 20190125
version: 3.35.1
detected: True

Zoner
result: Trojan.Win32.34809
update: 20190125
version: 1.0
detected: True

ClamAV
update: 20190128
version: 0.101.1.0
detected: False

Comodo
result: Malware@#wokuqn5si4f
update: 20190128
version: 30342
detected: True

F-Prot
result: W32/Agent.KJC
update: 20190128
version: 4.7.1.166
detected: True

Ikarus
result: Trojan-Downloader.MSIL.Agent
update: 20190127
version: 0.1.5.2
detected: True

McAfee
result: Generic.xg
update: 20190128
version: 6.0.6.653
detected: True

Rising
result: Trojan.Win32.Agenet.ah (CLOUD)
update: 20190128
version: 25.0.0.24
detected: True

Sophos
result: Troj/MSIL-DYC
update: 20190128
version: 4.98.0
detected: True

Yandex
result: Trojan.Agent!iaA1em3Hw1o
update: 20190125
version: 5.5.1.3
detected: True

Zillya
result: Trojan.Agent.Win32.561496
update: 20190125
version: 2.0.0.3739
detected: True

Acronis
update: 20190124
version: 1.0.1.37
detected: False

Alibaba
update: 20180921
version: 0.1.0.2
detected: False

Arcabit
result: Trojan.MSIL.WWY
update: 20190128
version: 1.0.0.837
detected: True

Babable
update: 20180918
version: 9107201
detected: False

Cylance
result: Unsafe
update: 20190128
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20181108
version: 3.0.2
detected: True

TACHYON
update: 20190128
version: 2019-01-28.01
detected: False

Tencent
result: Win32.Trojan.Agent.Pbzj
update: 20190128
version: 1.0.0.1
detected: True

ViRobot
update: 20190128
version: 2014.3.20.0
detected: False

Webroot
result: W32.Trojan.Genkd
update: 20190128
version: 1.0.0.403
detected: True

eGambit
update: 20190128
version: v4.3.5
detected: False

Ad-Aware
result: Trojan.MSIL.WWY
update: 20190128
version: 3.0.5.370
detected: True

AegisLab
update: 20190128
version: 4.2
detected: False

Emsisoft
result: Trojan.MSIL.WWY (B)
update: 20190128
version: 2018.4.0.1029
detected: True

F-Secure
update: 20190128
version: 11.0.19100.45
detected: False

Fortinet
result: MSIL/Agent.AVV!tr.dldr
update: 20190128
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20181128
version: 6.3.6.26157
detected: True

Jiangmin
update: 20190128
version: 16.0.100
detected: False

Kingsoft
update: 20190128
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20190128
version: 1.0
detected: True

Symantec
result: Infostealer.Limitail
update: 20190127
version: 1.8.0.0
detected: True

Trapmine
result: suspicious.low.ml.score
update: 20190123
version: 3.1.40.719
detected: True

AhnLab-V3
result: Trojan/Win32.Agent.C933114
update: 20190128
version: 3.14.1.22785
detected: True

Antiy-AVL
result: Trojan/Win32.Agent
update: 20190128
version: 3.0.0.1
detected: True

Kaspersky
result: Trojan.Win32.Agent.nesncd
update: 20190128
version: 15.0.1.13
detected: True

Microsoft
result: Trojan:Win32/Skeeyah.A!bit
update: 20190128
version: 1.1.15600.4
detected: True

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20190128
version: 1.0.0.1120
detected: True

TheHacker
update: 20190125
version: 6.8.0.5.3981
detected: False

Trustlook
update: 20190128
version: 1.0
detected: False

ZoneAlarm
result: Trojan.Win32.Agent.nesncd
update: 20190128
version: 1.0
detected: True

Cybereason
result: malicious.e7f2b3
update: 20190109
version: 1.2.27
detected: True

ESET-NOD32
result: MSIL/TrojanDownloader.Agent.AVV
update: 20190127
version: 18777
detected: True

TrendMicro
result: TSPY_FAREIT.YYSMA
update: 20190128
version: 10.0.0.1040
detected: True

BitDefender
result: Trojan.MSIL.WWY
update: 20190128
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_100% (W)
update: 20181023
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 700000121 )
update: 20190128
version: 11.24.29799
detected: True

SentinelOne
result: static engine - malicious
update: 20190124
version: 1.0.21.269
detected: True

Avast-Mobile
update: 20190127
version: 190127-00
detected: False

Malwarebytes
update: 20190128
version: 2.1.1.1115
detected: False

TotalDefense
update: 20190127
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.IGENERIC
update: 20190127
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Agent.duwxln
update: 20190128
version: 1.0.134.24576
detected: True

MicroWorld-eScan
result: Trojan.MSIL.WWY
update: 20190128
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190123
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Generic.xg
update: 20190128
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: TSPY_FAREIT.YYSMA
update: 20190128
version: 10.0.0.1040
detected: True

total
70
sha256
7c054f45dc626eb9d6bc3dcb9c4b9dd217358dafa151584ad499cab72b381501
scan_id
7c054f45dc626eb9d6bc3dcb9c4b9dd217358dafa151584ad499cab72b381501-1548652226
resource
474f485e7f2b3c0cb7e25dcb24e4853d
positives
50
scan_date
2019-01-28 05:10:26
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
4/3/2020 - 5:45:44.965Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 5:45:44.965Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 5:45:44.965Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 5:45:44.965Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 5:45:44.965Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
4/3/2020 - 5:45:44.965Open1480C:\malware.exeC:\Windows\assembly\GAC_64\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 5:45:44.965Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 5:45:44.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 5:45:44.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 5:45:44.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:44.981Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
4/3/2020 - 5:45:44.981Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
4/3/2020 - 5:45:44.981Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
4/3/2020 - 5:45:45.43Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 5:45:45.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:45:45.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:45:45.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:45:47.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:47.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:48.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:48.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:48.543Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
4/3/2020 - 5:45:48.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:48.590Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089
4/3/2020 - 5:45:48.590Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
4/3/2020 - 5:45:48.747Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
4/3/2020 - 5:45:48.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:48.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.465Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
4/3/2020 - 5:45:49.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.512Open1480C:\malware.exeC:\malware.config
4/3/2020 - 5:45:49.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:49.887Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 5:45:49.887Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 5:45:49.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 5:45:49.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/3/2020 - 5:45:50.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/3/2020 - 5:45:50.75Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.168Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 5:45:50.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
4/3/2020 - 5:45:50.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/3/2020 - 5:45:50.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/3/2020 - 5:45:50.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.309Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
4/3/2020 - 5:45:50.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.309Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:45:50.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:50.403Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
4/3/2020 - 5:45:50.450Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
4/3/2020 - 5:45:50.590Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
4/3/2020 - 5:45:50.590Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 5:45:50.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:45:50.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:45:50.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:45:50.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:45:50.590Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR
4/3/2020 - 5:45:50.590Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
4/3/2020 - 5:45:50.590Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\mscorrc.dll
4/3/2020 - 5:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:45:52.747Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\VERSION.dll
4/3/2020 - 5:45:52.747Open1480C:\malware.exeC:\VERSION.dll
4/3/2020 - 5:45:52.747Open1480C:\malware.exeC:\Windows\System32\version.dll
4/3/2020 - 5:45:52.747Open1480C:\malware.exeC:\Windows\System32\version.dll
4/3/2020 - 5:45:52.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 5:45:52.747Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:52.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:52.793Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
4/3/2020 - 5:45:52.793Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:52.793Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:45:52.840Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
4/3/2020 - 5:45:52.981Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:52.981Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
4/3/2020 - 5:45:52.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:45:53.778Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
4/3/2020 - 5:45:53.918Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:45:53.918Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
4/3/2020 - 5:45:53.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:45:53.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:45:54.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:45:54.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:45:54.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:45:54.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:45:54.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:46:5.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:5.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:46:5.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:5.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:5.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:5.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:5.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:5.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:5.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:5.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:5.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:6.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:6.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:6.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:6.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:6.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:6.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:6.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:6.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:6.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:6.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:6.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:6.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:6.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:6.622Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:6.715Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:6.715Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:6.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:6.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:6.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:6.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:6.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:6.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:6.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089
4/3/2020 - 5:46:7.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089
4/3/2020 - 5:46:7.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:7.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:7.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:7.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:46:7.778Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:46:7.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:7.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:7.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:7.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:8.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:8.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:8.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:8.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:8.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:8.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:8.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:8.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:8.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:8.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:8.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:8.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:8.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:8.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:8.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:8.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:8.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:8.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:8.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:8.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:8.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:8.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:9.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:9.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:9.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:9.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:9.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
4/3/2020 - 5:46:9.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:9.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:9.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:10.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:10.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:10.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:10.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:10.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:10.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:10.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:46:10.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:10.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.153Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
4/3/2020 - 5:46:11.168Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
4/3/2020 - 5:46:11.168Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
4/3/2020 - 5:46:11.168Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
4/3/2020 - 5:46:11.168Open1480C:\malware.exeC:\Windows\System32\wship6.dll
4/3/2020 - 5:46:11.168Open1480C:\malware.exeC:\Windows\System32\wship6.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:11.168Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dll
4/3/2020 - 5:46:11.168Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
4/3/2020 - 5:46:11.168Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dll
4/3/2020 - 5:46:11.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
4/3/2020 - 5:46:17.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
4/3/2020 - 5:46:17.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
4/3/2020 - 5:46:17.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
4/3/2020 - 5:46:17.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
4/3/2020 - 5:46:17.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
4/3/2020 - 5:46:17.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:17.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:46:17.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:17.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:17.325Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll
4/3/2020 - 5:46:17.434Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.434Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll
4/3/2020 - 5:46:17.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:17.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.90Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089
4/3/2020 - 5:46:18.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089
4/3/2020 - 5:46:18.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.465Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/3/2020 - 5:46:18.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.512Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/3/2020 - 5:46:18.512Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.559Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.606Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.653Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.700Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.747Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.793Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/3/2020 - 5:46:18.793Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.793Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.793Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.793Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 5:46:18.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:46:18.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:46:18.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:46:18.809Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:18.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:18.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:18.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.731Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
4/3/2020 - 5:46:19.731Open1480C:\malware.exeC:\bcrypt.dll
4/3/2020 - 5:46:19.731Open1480C:\malware.exeC:\Windows\System32\bcrypt.dll
4/3/2020 - 5:46:19.731Open1480C:\malware.exeC:\Windows\System32\bcrypt.dll
4/3/2020 - 5:46:19.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:19.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:20.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:20.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:20.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:20.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:20.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:20.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:46:20.481Open1480C:\malware.exeC:\shfolder.dll
4/3/2020 - 5:46:20.481Open1480C:\malware.exeC:\Windows\System32\shfolder.dll
4/3/2020 - 5:46:20.481Open1480C:\malware.exeC:\Windows\System32\shfolder.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:46:20.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:46:44.684Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 5:46:44.684Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 5:46:44.684Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
4/3/2020 - 5:46:44.684Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
4/3/2020 - 5:46:44.684Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
4/3/2020 - 5:46:44.684Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
4/3/2020 - 5:46:44.778Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
4/3/2020 - 5:46:44.778Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
4/3/2020 - 5:46:44.778Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
4/3/2020 - 5:46:44.778Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
4/3/2020 - 5:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
4/3/2020 - 5:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
4/3/2020 - 5:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
4/3/2020 - 5:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
4/3/2020 - 5:46:44.965Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
4/3/2020 - 5:46:44.965Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
4/3/2020 - 5:46:44.965Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
4/3/2020 - 5:46:44.965Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
4/3/2020 - 5:46:45.59Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
4/3/2020 - 5:46:45.59Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
4/3/2020 - 5:46:45.59Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
4/3/2020 - 5:46:45.59Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
4/3/2020 - 5:46:45.153Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
4/3/2020 - 5:46:45.153Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
4/3/2020 - 5:46:45.153Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
4/3/2020 - 5:46:45.153Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
4/3/2020 - 5:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
4/3/2020 - 5:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
4/3/2020 - 5:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
4/3/2020 - 5:46:45.247Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
4/3/2020 - 5:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
4/3/2020 - 5:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
4/3/2020 - 5:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
4/3/2020 - 5:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
4/3/2020 - 5:46:45.434Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
4/3/2020 - 5:46:45.434Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
4/3/2020 - 5:46:45.434Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
4/3/2020 - 5:46:45.434Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
4/3/2020 - 5:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
4/3/2020 - 5:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
4/3/2020 - 5:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
4/3/2020 - 5:46:45.528Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
4/3/2020 - 5:46:45.622Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
4/3/2020 - 5:46:45.622Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
4/3/2020 - 5:46:45.622Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
4/3/2020 - 5:46:45.622Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
4/3/2020 - 5:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
4/3/2020 - 5:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
4/3/2020 - 5:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
4/3/2020 - 5:46:45.715Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
4/3/2020 - 5:46:45.809Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
4/3/2020 - 5:46:45.809Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
4/3/2020 - 5:46:45.809Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
4/3/2020 - 5:46:45.809Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
4/3/2020 - 5:46:45.950Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
4/3/2020 - 5:46:45.997Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
4/3/2020 - 5:46:45.997Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
4/3/2020 - 5:46:45.997Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
4/3/2020 - 5:46:46.137Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
4/3/2020 - 5:46:46.184Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
4/3/2020 - 5:46:46.184Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
4/3/2020 - 5:46:46.184Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
4/3/2020 - 5:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
4/3/2020 - 5:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
4/3/2020 - 5:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
4/3/2020 - 5:46:46.278Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
4/3/2020 - 5:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
4/3/2020 - 5:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
4/3/2020 - 5:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
4/3/2020 - 5:46:46.372Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
4/3/2020 - 5:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
4/3/2020 - 5:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
4/3/2020 - 5:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
4/3/2020 - 5:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
4/3/2020 - 5:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
4/3/2020 - 5:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
4/3/2020 - 5:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
4/3/2020 - 5:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
4/3/2020 - 5:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
4/3/2020 - 5:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
4/3/2020 - 5:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
4/3/2020 - 5:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
4/3/2020 - 5:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
4/3/2020 - 5:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
4/3/2020 - 5:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
4/3/2020 - 5:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
4/3/2020 - 5:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
4/3/2020 - 5:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
4/3/2020 - 5:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
4/3/2020 - 5:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
4/3/2020 - 5:46:46.934Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
4/3/2020 - 5:46:46.934Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
4/3/2020 - 5:46:46.934Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
4/3/2020 - 5:46:46.934Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
4/3/2020 - 5:46:47.75Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
4/3/2020 - 5:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
4/3/2020 - 5:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
4/3/2020 - 5:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
4/3/2020 - 5:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
4/3/2020 - 5:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
4/3/2020 - 5:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
4/3/2020 - 5:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
4/3/2020 - 5:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
4/3/2020 - 5:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
4/3/2020 - 5:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
4/3/2020 - 5:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
4/3/2020 - 5:46:47.309Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
4/3/2020 - 5:46:47.309Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
4/3/2020 - 5:46:47.309Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
4/3/2020 - 5:46:47.309Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
4/3/2020 - 5:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
4/3/2020 - 5:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
4/3/2020 - 5:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
4/3/2020 - 5:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
4/3/2020 - 5:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
4/3/2020 - 5:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
4/3/2020 - 5:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
4/3/2020 - 5:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
4/3/2020 - 5:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
4/3/2020 - 5:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
4/3/2020 - 5:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
4/3/2020 - 5:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
4/3/2020 - 5:46:47.684Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
4/3/2020 - 5:46:47.684Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
4/3/2020 - 5:46:47.684Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
4/3/2020 - 5:46:47.684Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
4/3/2020 - 5:46:47.778Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
4/3/2020 - 5:46:47.778Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
4/3/2020 - 5:46:47.778Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
4/3/2020 - 5:46:47.778Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\script.fon
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\script.fon
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\script.fon
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
4/3/2020 - 5:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
4/3/2020 - 5:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
4/3/2020 - 5:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
4/3/2020 - 5:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
4/3/2020 - 5:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
4/3/2020 - 5:46:48.106Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
4/3/2020 - 5:46:48.293Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
4/3/2020 - 5:46:48.293Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
4/3/2020 - 5:46:48.293Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
4/3/2020 - 5:46:48.387Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
4/3/2020 - 5:46:48.387Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
4/3/2020 - 5:46:48.387Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
4/3/2020 - 5:46:48.387Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
4/3/2020 - 5:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
4/3/2020 - 5:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
4/3/2020 - 5:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
4/3/2020 - 5:46:48.481Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
4/3/2020 - 5:46:48.575Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
4/3/2020 - 5:46:48.575Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
4/3/2020 - 5:46:48.575Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
4/3/2020 - 5:46:48.575Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
4/3/2020 - 5:46:48.715Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
4/3/2020 - 5:46:48.856Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
4/3/2020 - 5:46:48.856Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
4/3/2020 - 5:46:48.856Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
4/3/2020 - 5:46:48.997Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
4/3/2020 - 5:46:49.137Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
4/3/2020 - 5:46:49.137Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
4/3/2020 - 5:46:49.137Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
4/3/2020 - 5:46:49.231Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
4/3/2020 - 5:46:49.231Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
4/3/2020 - 5:46:49.231Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
4/3/2020 - 5:46:49.231Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
4/3/2020 - 5:46:49.356Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
4/3/2020 - 5:46:49.356Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
4/3/2020 - 5:46:49.356Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
4/3/2020 - 5:46:49.356Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
4/3/2020 - 5:46:49.450Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
4/3/2020 - 5:46:49.450Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
4/3/2020 - 5:46:49.450Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
4/3/2020 - 5:46:49.450Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
4/3/2020 - 5:46:49.543Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
4/3/2020 - 5:46:49.543Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
4/3/2020 - 5:46:49.543Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
4/3/2020 - 5:46:49.543Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
4/3/2020 - 5:46:49.637Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
4/3/2020 - 5:46:49.637Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
4/3/2020 - 5:46:49.637Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
4/3/2020 - 5:46:49.637Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
4/3/2020 - 5:46:49.731Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
4/3/2020 - 5:46:49.731Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
4/3/2020 - 5:46:49.731Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
4/3/2020 - 5:46:49.731Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
4/3/2020 - 5:46:49.825Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
4/3/2020 - 5:46:49.825Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
4/3/2020 - 5:46:49.825Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
4/3/2020 - 5:46:49.825Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
4/3/2020 - 5:46:49.918Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
4/3/2020 - 5:46:49.918Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
4/3/2020 - 5:46:49.918Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
4/3/2020 - 5:46:49.918Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
4/3/2020 - 5:46:50.12Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
4/3/2020 - 5:46:50.12Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
4/3/2020 - 5:46:50.12Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
4/3/2020 - 5:46:50.12Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
4/3/2020 - 5:46:50.106Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
4/3/2020 - 5:46:50.106Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
4/3/2020 - 5:46:50.106Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
4/3/2020 - 5:46:50.106Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
4/3/2020 - 5:46:50.200Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
4/3/2020 - 5:46:50.200Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
4/3/2020 - 5:46:50.200Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
4/3/2020 - 5:46:50.200Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
4/3/2020 - 5:46:50.293Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
4/3/2020 - 5:46:50.293Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
4/3/2020 - 5:46:50.293Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
4/3/2020 - 5:46:50.293Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
4/3/2020 - 5:46:50.575Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
4/3/2020 - 5:46:50.715Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 5:46:50.715Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 5:46:50.715Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 5:46:50.997Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
4/3/2020 - 5:46:51.137Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 5:46:51.137Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 5:46:51.137Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 5:46:51.418Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
4/3/2020 - 5:46:51.512Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 5:46:51.512Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 5:46:51.512Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 5:46:51.606Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
4/3/2020 - 5:46:51.606Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 5:46:51.606Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 5:46:51.606Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 5:46:51.700Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
4/3/2020 - 5:46:51.700Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 5:46:51.700Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 5:46:51.700Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 5:46:51.793Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
4/3/2020 - 5:46:51.793Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 5:46:51.793Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 5:46:51.793Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 5:46:51.887Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
4/3/2020 - 5:46:51.887Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 5:46:51.887Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 5:46:51.887Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 5:46:51.981Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
4/3/2020 - 5:46:51.981Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 5:46:51.981Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 5:46:51.981Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 5:46:52.75Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
4/3/2020 - 5:46:52.75Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 5:46:52.75Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 5:46:52.75Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 5:46:52.168Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
4/3/2020 - 5:46:52.168Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 5:46:52.168Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 5:46:52.168Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 5:46:52.262Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
4/3/2020 - 5:46:52.262Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 5:46:52.262Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 5:46:52.262Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 5:46:52.356Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
4/3/2020 - 5:46:52.356Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 5:46:52.356Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 5:46:52.356Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 5:46:52.450Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
4/3/2020 - 5:46:52.450Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 5:46:52.450Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 5:46:52.450Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 5:46:52.543Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
4/3/2020 - 5:46:52.543Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 5:46:52.543Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 5:46:52.543Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 5:46:52.637Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
4/3/2020 - 5:46:52.637Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 5:46:52.637Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 5:46:52.637Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 5:46:52.731Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
4/3/2020 - 5:46:52.731Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 5:46:52.731Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 5:46:52.731Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 5:46:52.825Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
4/3/2020 - 5:46:52.825Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 5:46:52.825Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 5:46:52.825Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 5:46:52.918Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
4/3/2020 - 5:46:52.918Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 5:46:52.918Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 5:46:52.918Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 5:46:53.12Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
4/3/2020 - 5:46:53.12Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 5:46:53.12Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 5:46:53.12Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 5:46:53.106Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
4/3/2020 - 5:46:53.106Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 5:46:53.106Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 5:46:53.106Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 5:46:53.200Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
4/3/2020 - 5:46:53.200Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 5:46:53.200Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 5:46:53.200Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 5:46:53.293Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
4/3/2020 - 5:46:53.293Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 5:46:53.293Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 5:46:53.293Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 5:46:53.387Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
4/3/2020 - 5:46:53.387Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 5:46:53.387Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 5:46:53.387Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 5:46:53.481Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
4/3/2020 - 5:46:53.481Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 5:46:53.481Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 5:46:53.481Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 5:46:53.575Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
4/3/2020 - 5:46:53.575Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 5:46:53.575Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 5:46:53.575Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 5:46:53.668Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
4/3/2020 - 5:46:53.668Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 5:46:53.668Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 5:46:53.668Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 5:46:53.762Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
4/3/2020 - 5:46:53.762Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 5:46:53.762Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 5:46:53.762Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 5:46:53.856Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
4/3/2020 - 5:46:53.856Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 5:46:53.856Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 5:46:53.856Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 5:46:53.950Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
4/3/2020 - 5:46:53.950Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 5:46:53.950Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 5:46:53.950Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 5:46:54.43Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
4/3/2020 - 5:46:54.43Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 5:46:54.43Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 5:46:54.43Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 5:46:54.137Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
4/3/2020 - 5:46:54.137Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 5:46:54.137Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 5:46:54.137Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 5:46:54.231Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
4/3/2020 - 5:46:54.231Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 5:46:54.231Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 5:46:54.231Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 5:46:54.325Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
4/3/2020 - 5:46:54.325Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 5:46:54.325Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 5:46:54.325Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 5:46:54.418Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
4/3/2020 - 5:46:54.418Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 5:46:54.418Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 5:46:54.418Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 5:46:54.512Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
4/3/2020 - 5:46:54.512Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 5:46:54.512Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 5:46:54.512Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 5:46:54.606Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
4/3/2020 - 5:46:54.606Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 5:46:54.606Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 5:46:54.606Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 5:46:54.700Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
4/3/2020 - 5:46:54.700Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 5:46:54.700Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 5:46:54.700Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 5:46:54.793Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
4/3/2020 - 5:46:54.793Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 5:46:54.793Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 5:46:54.793Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 5:46:54.887Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
4/3/2020 - 5:46:54.887Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 5:46:54.887Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 5:46:54.887Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 5:46:54.981Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
4/3/2020 - 5:46:54.981Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 5:46:54.981Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 5:46:54.981Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 5:46:55.75Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
4/3/2020 - 5:46:55.75Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 5:46:55.75Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 5:46:55.75Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 5:46:55.168Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
4/3/2020 - 5:46:55.168Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 5:46:55.168Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 5:46:55.168Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 5:46:55.262Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.793Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.793Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.793Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 5:47:9.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
4/3/2020 - 5:47:9.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
4/3/2020 - 5:47:9.950Open1480C:\malware.exeC:\RpcRtRemote.dll
4/3/2020 - 5:47:9.950Open1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dll
4/3/2020 - 5:47:9.950Unknown1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
4/3/2020 - 5:47:9.950Open1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dll
4/3/2020 - 5:47:9.950Unknown1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\security.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\security.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\SECUR32.DLL
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\secur32.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\secur32.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\SSPICLI.DLL
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\sspicli.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\sspicli.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\credssp.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\credssp.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\credssp.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\schannel.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\schannel.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:9.997Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\DNSAPI.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\dnsapi.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\dnsapi.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\IPHLPAPI.DLL
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\IPHLPAPI.DLL
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\IPHLPAPI.DLL
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\WINNSI.DLL
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\winnsi.dll
4/3/2020 - 5:47:9.997Open1480C:\malware.exeC:\Windows\System32\winnsi.dll
4/3/2020 - 5:47:10.59Open1480C:\malware.exeC:\rasadhlp.dll
4/3/2020 - 5:47:10.59Open1480C:\malware.exeC:\Windows\System32\rasadhlp.dll
4/3/2020 - 5:47:10.59Open1480C:\malware.exeC:\Windows\System32\rasadhlp.dll
4/3/2020 - 5:47:10.106Open1480C:\malware.exeC:\Windows\System32\FWPUCLNT.DLL
4/3/2020 - 5:47:10.106Open1480C:\malware.exeC:\Windows\System32\FWPUCLNT.DLL
4/3/2020 - 5:47:10.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.247Open1480C:\malware.exeC:\ncrypt.dll
4/3/2020 - 5:47:10.247Open1480C:\malware.exeC:\Windows\System32\ncrypt.dll
4/3/2020 - 5:47:10.247Open1480C:\malware.exeC:\Windows\System32\ncrypt.dll
4/3/2020 - 5:47:10.247Open1480C:\malware.exeC:\Windows\System32\bcryptprimitives.dll
4/3/2020 - 5:47:10.247Unknown1480C:\malware.exeC:\Windows\System32\bcryptprimitives.dllbcryptprimitives.dll
4/3/2020 - 5:47:10.247Open1480C:\malware.exeC:\Windows\System32\bcryptprimitives.dll
4/3/2020 - 5:47:10.247Unknown1480C:\malware.exeC:\Windows\System32\bcryptprimitives.dllbcryptprimitives.dll
4/3/2020 - 5:47:10.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.278Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
4/3/2020 - 5:47:10.278Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
4/3/2020 - 5:47:10.278Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Open1480C:\malware.exeC:\malware.exe.Local
4/3/2020 - 5:47:10.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:47:10.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:47:10.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
4/3/2020 - 5:47:10.293Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.pdb
4/3/2020 - 5:47:10.293Open1480C:\malware.exeC:\Windows\symbols\dll\System.Data.pdb
4/3/2020 - 5:47:10.293Open1480C:\malware.exeC:\Windows\dll\System.Data.pdb
4/3/2020 - 5:47:10.293Open1480C:\malware.exeC:\Windows\System.Data.pdb
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:47:10.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:10.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
4/3/2020 - 5:47:10.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:10.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:10.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
4/3/2020 - 5:47:15.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:15.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
4/3/2020 - 5:47:15.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
4/3/2020 - 5:46:20.512  Write  1480  C:\malware.exe  HKCU\Software\Microsoft\GDIPlusFontCachePath

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query
localhost -> gateway:50273  dbsq0010.whservidor.com.
localhost -> gateway:DNS  dbsq0010.whservidor.com.

Response
gateway:DNS -> localhost  dbsq0010.whservidor.com.  reply: 200.98.196.206


TCP
Info
200.98.196.206:1433 -> localhost:65192
localhost:65192 -> 200.98.196.206:1433

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
True

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 59.85%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.31%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 52.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 37.29%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 77.42%
suspicious: False
