Report #8758

  • Creation Date: March 5, 2020, 3:43 p.m.
  • Last Update: March 6, 2020, 12:46 a.m.
  • File: Documentos.exe
  • Results:
Binary
DLL
False cancel
Size
204.50KB
trid
35.3% Generic CIL Executable
20.7% InstallShield setup
15.0% Win32 Executable MS Visual C++
13.3% Win64 Executable
6.3% Windows screen saver
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
ff0d22a86bb2e8f8facfb58549eeb59f
sha1
83153583c41cd69ca42c31adc205c60b5f67eec0
crc32
0x1f669350
sha224
f8db00b0a69efd5405a8f0f9f9774d50bc7fade2b11c786c501ace64
sha256
a3a5d0f87d748801bbb368d76aef8d824b6ca1615463bcd1051f4992294f29c5
sha384
ede4a9ccd0b7188773f8e542709492fac0e9980935c38ccccf67da3db9bb3a1f2a0bdaa44df17aef0a645573cec34ae9
sha512
27acf9895227c08eef0281c02c3e09a691842cf5b969cc78dc58883b6d1f17251d580622625f506e4705ce7ffee86a0f3d173b82de32062813a4927df3324eba
ssdeep
3072:hzJ+lM+sEvWfROJLhfJpreQ00ws/R3b/rz3qhzh70Bx5RO9Cfabq+:eWROJNhpeBUDnqHex5A92
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
IP, domain, HasDebugData, CRC32_poly_Constant, escalate_priv, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET, NET_executable_, win_files_operation, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, NET_executable, win_mutex, Microsoft_Visual_Studio_NET_additional, win_token, contentis_base64, NETexecutableMicrosoft, IsWindowsGUI, url, IsNET_EXE, Microsoft_Visual_C_Basic_NET, win_registry

Suspicious
True check_circle

Strings
List
http://bradesinfomail.com.br/explorer.zip
http://www.info-zip.org/UnZip.html
see ftp://ftp.info-zip.org/pub/infozip/UnZip.html for other sites.
Latest sources and executables are at ftp://ftp.info-zip.org/pub/infozip/ ;
bug reports using http://www.info-zip.org/zip-bug.html; see README for details.
decisao.zip
C:\Users\Admin\Desktop\Acimax\Acimax\obj\x86\Release\TurixpqLP.pdb
unzip data1 -x joe => extract all files except joe from zipfile data1.zip
TurixpqLP.My
My.Computer
System.IO
System.Net
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
Info-Zip <www.info-zip.org>
2005 Info-Zip <www.info-zip.org>
System.ComponentModel.Design
GNU for Win32 <gnuwin32.sourceforge.net>
compressed WinNT security data missing (%d bytes)%s
unzip.exe
Microsoft Windows Server&nbsp;2003 family,
System.Security.Principal
4System.Web.Services.Protocols.SoapHttpClientProtocol
Examples (see unzip.txt for more info):
%lu file%s, %lu bytes uncompressed, %lu bytes compressed: %s%d.%d%%
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
TurixpqLP.exe
TurixpqLP.exe
TurixpqLP.exe
file security status: %sencrypted
\\.\vwin32
[%s] %s password:
compressed size: %lu bytes
uncompressed size: %lu bytes
Archive: %s
Archive: %s %ld %u
Archive: %s %ld bytes %u file%s
deflated
deflated
compression method: %s
or: unzip %s-Z%s [-12smlvChMtTz] file[.zip] [list...] [-x xlist...]
SeSecurityPrivilege
SeRestorePrivilege
TurixpqLP.My.Resources
10.0.0.0
8.0.0.0
4.0.0.0
UnZip %d.%d%d%s of %s, by Info-ZIP. Maintained by C. Spieler. Send
100%%
--More--(%lu)
System.Windows.Forms.Form
(%ld bytes security)
Usage: unzip %s[-opts[modifiers]] file[.zip] [list] [-x xlist] [-d exdir]
note: didn't find end-of-central-dir signature at end of central dir.
End-of-central-directory signature not found. Either this file is not
3System.Resources.Tools.StronglyTypedResourceBuilder
Entry Sequenced
skipping: %-22s %svolume label
No errors detected in compressed data of %s.
%s %s: %ld bytes required to uncompress to %lu bytes;
minimum software version required to extract: %u.%u
compressed EA data missing (%d bytes)%s
%s: stored in VMS format. Extract anyway? (y/n)
The 128-bit MD5 signature is %s
s have a total of
Delete
Key Sequenced
has
shrk
s were
was
may be
length of file comment: %u characters
System.Windows.Forms
shrunk
MS-DOS file attributes (%02X hex): %s%s%s%s%s%s%s%s
updated: %lu directory entries with %lu bytes security
failed: %lu directory entries with %lu bytes security
skipping: %-22s unsupported compression method %u
unknown compression method for EAs (%u)
error: expected central file header signature not found (file #%lu).
%d archive%s successfully processed.
%8sing: %-22s %s%s
labelling %s %-22s
error: unsupported extra-field compression type (%u)--skipping
32-bit CRC value (hex): %.8lx
offset of local header from start of archive: %lu (%.8lXh) bytes
error: %s%s
compression sub-type (deflation): %s
%s %s %8lu
%s: unknown compression method
extended local header: %s
%lu file%s skipped because of unsupported compression or encoding.
error: %s%s %s
This zipfile constitutes disk %u of a multi-part archive. The central
%8lu %8lu %4s %lu file%s
%s ("^" ==> case
%u data bytes (%s).

Foremost
Matches
0.exe, 204 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: ftp://ftp.info-zip.org/pub/infozip/, ftp://ftp.info-zip.org/pub/infozip/unzip.html, http://www.info-zip.org/unzip.html, http://bradesinfomail.com.br/explorer.zip, http://www.info-zip.org/zip-bug.html;
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: http://bradesinfomail.com.br/explorer.zip, kernel32.dll, USER32.dll, OLE32.dll, mscoree.dll, msvcrt.dll, ADVAPI32.DLL
hasFiles: True check_circle
Suspicious: decisao.zip, unzip data1 -x joe => extract all files except joe from zipfile data1.zip
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 4096
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .sdata, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 211982
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: kernel32.dll, user32.dll, ole32.dll, mscoree.dll, msvcrt.dll, advapi32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2015-11-03 16:46:02
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True check_circle
Fuzzing: False cancel

PEDetector
Matches
1320
Suspicious
True check_circle
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 2

nopsequence
.text: 673

pushpopmath
.text: 43

cpuinstructionsresultscomparison
.text: 3

AVclass
banload
1
VirusTotal
md5
ff0d22a86bb2e8f8facfb58549eeb59f
sha1
83153583c41cd69ca42c31adc205c60b5f67eec0
SCANS (DETECTION RATE = 71.64%)
AVG
result: FileRepMetagen [Malware]
update: 20180323
version: 18.2.3827.0
detected: True check_circle

CMC
update: 20180323
version: 1.1.0.977
detected: False cancel

MAX
update: 20180323
version: 2017.11.15.1
detected: False cancel

Bkav
update: 20180322
version: 1.3.0.9466
detected: False cancel

K7GW
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26597
detected: True check_circle

ALYac
result: Gen:Variant.Zusy.168298
update: 20180323
version: 1.1.1.5
detected: True check_circle

Avast
result: FileRepMetagen [Malware]
update: 20180323
version: 18.2.3827.0
detected: True check_circle

Avira
result: TR/Downloader.A.28233
update: 20180323
version: 8.3.3.6
detected: True check_circle

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9630
update: 20180323
version: 1.0.0.2
detected: True check_circle

Cyren
result: W32/Trojan.KHBP-3943
update: 20180323
version: 5.4.30.7
detected: True check_circle

DrWeb
update: 20180323
version: 7.0.28.2020
detected: False cancel

GData
result: Gen:Variant.Zusy.168298
update: 20180323
version: A:25.16478B:25.11859
detected: True check_circle

Panda
result: Trj/CI.A
update: 20180323
version: 4.6.4.2
detected: True check_circle

VBA32
result: TrojanDownloader.MSIL.Banload
update: 20180323
version: 3.12.28.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65472
detected: True check_circle

Zoner
update: 20180323
version: 1.0
detected: False cancel

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True check_circle

ClamAV
update: 20180323
version: 0.99.2.0
detected: False cancel

Comodo
update: 20180323
detected: False cancel

F-Prot
update: 20180323
version: 4.7.1.166
detected: False cancel

Ikarus
result: Trojan-Downloader.MSIL.Banload
update: 20180323
version: 0.1.5.2
detected: True check_circle

McAfee
result: Artemis!FF0D22A86BB2
update: 20180323
version: 6.0.6.653
detected: True check_circle

Rising
update: 20180323
version: 25.0.0.1
detected: False cancel

Sophos
result: Mal/MSIL-QO
update: 20180323
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Agent!+4zEGKKIYfs
update: 20180323
version: 5.5.1.3
detected: True check_circle

Zillya
result: Backdoor.PePatch.Win32.91452
update: 20180323
version: 2.0.0.3519
detected: True check_circle

Arcabit
result: Trojan.Zusy.D2916A
update: 20180323
version: 1.0.0.831
detected: True check_circle

Cylance
result: Unsafe
update: 20180323
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True check_circle

Tencent
result: Win32.Trojan.Downloader.Edxl
update: 20180323
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False cancel

eGambit
update: 20180323
version: v4.3.5
detected: False cancel

Ad-Aware
result: Gen:Variant.Zusy.168298
update: 20180323
version: 3.0.3.1010
detected: True check_circle

AegisLab
result: Troj.W32.Generic!c
update: 20180323
version: 4.2
detected: True check_circle

Emsisoft
result: Gen:Variant.Zusy.168298 (B)
update: 20180323
version: 4.0.2.899
detected: True check_circle

F-Secure
result: Gen:Variant.Zusy.168298
update: 20180323
version: 11.0.19100.45
detected: True check_circle

Fortinet
result: MSIL/Banload.FA!tr.dldr
update: 20180323
version: 5.4.247.0
detected: True check_circle

Invincea
update: 20180121
version: 6.3.4.26036
detected: False cancel

Jiangmin
result: Trojan.Generic.fanv
update: 20180323
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20180323
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20180323
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen.2
update: 20180323
version: 1.5.0.0
detected: True check_circle

nProtect
update: 20180323
version: 2018-03-23.02
detected: False cancel

AhnLab-V3
result: Malware/Win32.Generic.C1247777
update: 20180323
version: 3.12.0.20130
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.AGeneric
update: 20180323
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Trojan.Win32.Generic
update: 20180323
version: 15.0.1.13
detected: True check_circle

Microsoft
result: TrojanDownloader:MSIL/Banload.AO
update: 20180323
version: 1.1.14600.4
detected: True check_circle

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20180323
version: 1.0.0.1120
detected: True check_circle

TheHacker
result: Trojan/Downloader.Banload.ff
update: 20180319
version: 6.8.0.5.2551
detected: True check_circle

ZoneAlarm
result: HEUR:Trojan.Win32.Generic
update: 20180323
version: 1.0
detected: True check_circle

Cybereason
result: malicious.86bb2e
update: 20180225
version: 1.2.27
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/TrojanDownloader.Banload.FF
update: 20180323
version: 17106
detected: True check_circle

TrendMicro
result: TROJ_GEN.R002C0DCK18
update: 20180323
version: 9.862.0.1074
detected: True check_circle

WhiteArmor
update: 20180223
detected: False cancel

BitDefender
result: Gen:Variant.Zusy.168298
update: 20180323
version: 7.2
detected: True check_circle

CrowdStrike
result: malicious_confidence_90% (W)
update: 20170201
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26598
detected: True check_circle

SentinelOne
result: static engine - malicious
update: 20180225
version: 1.0.15.206
detected: True check_circle

Avast-Mobile
update: 20180323
version: 180323-04
detected: False cancel

Malwarebytes
update: 20180323
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20180323
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.IGENERIC
update: 20180322
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Banload.dzwrak
update: 20180323
version: 1.0.100.22043
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Zusy.168298
update: 20180323
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20180323
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: Artemis!Trojan
update: 20180323
version: v2015
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DCK18
update: 20180323
version: 9.950.0.1006
detected: True check_circle

total
67
sha256
a3a5d0f87d748801bbb368d76aef8d824b6ca1615463bcd1051f4992294f29c5
scan_id
a3a5d0f87d748801bbb368d76aef8d824b6ca1615463bcd1051f4992294f29c5-1521828598
resource
ff0d22a86bb2e8f8facfb58549eeb59f
positives
48
scan_date
2018-03-23 18:09:58
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
5/3/2020 - 23:45:44.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:44.340Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
5/3/2020 - 23:45:44.340Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
5/3/2020 - 23:45:44.340Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
5/3/2020 - 23:45:44.356Open1480C:\malware.exeC:\malware.exe.Local
5/3/2020 - 23:45:44.356Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:45:44.356Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:45:44.356Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:45:44.356Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
5/3/2020 - 23:45:44.356Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:44.559Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
5/3/2020 - 23:45:44.700Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:44.700Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
5/3/2020 - 23:45:44.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:44.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:44.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:44.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:44.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:44.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:45.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:45.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:45.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:45.168Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.309Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.309Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:46.903Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
5/3/2020 - 23:45:47.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
5/3/2020 - 23:45:47.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:47.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:47.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:47.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
5/3/2020 - 23:45:47.840Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
5/3/2020 - 23:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:47.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:47.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:48.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:48.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:48.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
5/3/2020 - 23:45:48.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
5/3/2020 - 23:45:48.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:48.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:45:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:48.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.340Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
5/3/2020 - 23:45:49.340Open1480C:\malware.exeC:\VERSION.dll
5/3/2020 - 23:45:49.340Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
5/3/2020 - 23:45:49.340Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
5/3/2020 - 23:45:49.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
5/3/2020 - 23:45:49.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:49.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:49.387Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
5/3/2020 - 23:45:49.387Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:49.387Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:45:49.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:50.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:45:59.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:59.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:59.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:59.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:59.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:45:59.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:0.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:0.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:0.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:46:0.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:46:0.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:0.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:0.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:46:0.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:0.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:0.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
5/3/2020 - 23:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:46:0.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:46:0.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:46:0.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:46:0.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:46:0.762Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
5/3/2020 - 23:46:0.762Open1480C:\malware.exeC:\malware.exe.Local
5/3/2020 - 23:46:0.762Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
5/3/2020 - 23:46:0.762Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
5/3/2020 - 23:46:0.762Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
5/3/2020 - 23:46:0.762Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\ShFolder.DLL
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:46:0.809Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
5/3/2020 - 23:46:0.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:46:0.809Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
5/3/2020 - 23:46:0.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:0.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:0.809Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
5/3/2020 - 23:46:0.809Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
5/3/2020 - 23:46:0.825Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
5/3/2020 - 23:46:0.825Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
5/3/2020 - 23:46:0.825Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
5/3/2020 - 23:46:0.825Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
5/3/2020 - 23:46:0.825Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
5/3/2020 - 23:46:0.825Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
5/3/2020 - 23:46:0.825Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
5/3/2020 - 23:46:0.825Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
5/3/2020 - 23:46:0.840Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
5/3/2020 - 23:46:0.840Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
5/3/2020 - 23:46:0.840Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
5/3/2020 - 23:46:0.840Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
5/3/2020 - 23:46:0.840Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
5/3/2020 - 23:46:0.981Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
5/3/2020 - 23:46:1.28Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
5/3/2020 - 23:46:1.28Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
5/3/2020 - 23:46:1.28Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
5/3/2020 - 23:46:1.122Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
5/3/2020 - 23:46:1.168Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
5/3/2020 - 23:46:1.168Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
5/3/2020 - 23:46:1.168Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
5/3/2020 - 23:46:1.309Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
5/3/2020 - 23:46:1.356Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
5/3/2020 - 23:46:1.356Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
5/3/2020 - 23:46:1.356Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
5/3/2020 - 23:46:1.497Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
5/3/2020 - 23:46:1.543Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
5/3/2020 - 23:46:1.543Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
5/3/2020 - 23:46:1.543Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
5/3/2020 - 23:46:1.637Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
5/3/2020 - 23:46:1.637Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
5/3/2020 - 23:46:1.637Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
5/3/2020 - 23:46:1.637Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
5/3/2020 - 23:46:1.731Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
5/3/2020 - 23:46:1.731Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
5/3/2020 - 23:46:1.731Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
5/3/2020 - 23:46:1.731Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
5/3/2020 - 23:46:1.825Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
5/3/2020 - 23:46:1.825Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
5/3/2020 - 23:46:1.825Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
5/3/2020 - 23:46:1.825Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
5/3/2020 - 23:46:1.965Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
5/3/2020 - 23:46:1.965Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
5/3/2020 - 23:46:1.965Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
5/3/2020 - 23:46:1.965Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
5/3/2020 - 23:46:2.106Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
5/3/2020 - 23:46:2.153Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
5/3/2020 - 23:46:2.153Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
5/3/2020 - 23:46:2.153Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
5/3/2020 - 23:46:2.247Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
5/3/2020 - 23:46:2.293Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
5/3/2020 - 23:46:2.293Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
5/3/2020 - 23:46:2.293Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
5/3/2020 - 23:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
5/3/2020 - 23:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
5/3/2020 - 23:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
5/3/2020 - 23:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
5/3/2020 - 23:46:2.481Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
5/3/2020 - 23:46:2.481Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
5/3/2020 - 23:46:2.481Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
5/3/2020 - 23:46:2.481Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
5/3/2020 - 23:46:3.43Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
5/3/2020 - 23:46:3.465Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
5/3/2020 - 23:46:3.512Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
5/3/2020 - 23:46:3.559Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
5/3/2020 - 23:46:3.606Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
5/3/2020 - 23:46:3.606Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
5/3/2020 - 23:46:3.606Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
5/3/2020 - 23:46:3.700Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
5/3/2020 - 23:46:3.700Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
5/3/2020 - 23:46:3.700Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
5/3/2020 - 23:46:3.700Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
5/3/2020 - 23:46:3.840Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
5/3/2020 - 23:46:3.840Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
5/3/2020 - 23:46:3.840Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
5/3/2020 - 23:46:3.840Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
5/3/2020 - 23:46:3.934Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
5/3/2020 - 23:46:3.934Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
5/3/2020 - 23:46:3.934Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
5/3/2020 - 23:46:3.934Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
5/3/2020 - 23:46:4.28Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
5/3/2020 - 23:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
5/3/2020 - 23:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
5/3/2020 - 23:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
5/3/2020 - 23:46:4.168Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
5/3/2020 - 23:46:4.215Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
5/3/2020 - 23:46:4.215Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
5/3/2020 - 23:46:4.215Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
5/3/2020 - 23:46:4.309Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
5/3/2020 - 23:46:4.309Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
5/3/2020 - 23:46:4.309Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
5/3/2020 - 23:46:4.309Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
5/3/2020 - 23:46:4.403Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
5/3/2020 - 23:46:4.403Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
5/3/2020 - 23:46:4.403Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
5/3/2020 - 23:46:4.403Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
5/3/2020 - 23:46:4.497Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
5/3/2020 - 23:46:4.543Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
5/3/2020 - 23:46:4.543Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
5/3/2020 - 23:46:4.543Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
5/3/2020 - 23:46:4.637Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
5/3/2020 - 23:46:4.684Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
5/3/2020 - 23:46:4.684Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
5/3/2020 - 23:46:4.684Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
5/3/2020 - 23:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
5/3/2020 - 23:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
5/3/2020 - 23:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
5/3/2020 - 23:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
5/3/2020 - 23:46:4.872Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
5/3/2020 - 23:46:4.872Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
5/3/2020 - 23:46:4.872Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
5/3/2020 - 23:46:4.872Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
5/3/2020 - 23:46:4.965Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
5/3/2020 - 23:46:4.965Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
5/3/2020 - 23:46:4.965Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
5/3/2020 - 23:46:4.965Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
5/3/2020 - 23:46:5.59Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
5/3/2020 - 23:46:5.59Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
5/3/2020 - 23:46:5.59Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
5/3/2020 - 23:46:5.59Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
5/3/2020 - 23:46:5.153Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
5/3/2020 - 23:46:5.200Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
5/3/2020 - 23:46:5.200Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
5/3/2020 - 23:46:5.200Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
5/3/2020 - 23:46:5.481Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
5/3/2020 - 23:46:5.622Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
5/3/2020 - 23:46:5.622Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
5/3/2020 - 23:46:5.622Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
5/3/2020 - 23:46:5.903Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
5/3/2020 - 23:46:6.43Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
5/3/2020 - 23:46:6.43Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
5/3/2020 - 23:46:6.43Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
5/3/2020 - 23:46:6.184Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
5/3/2020 - 23:46:6.278Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
5/3/2020 - 23:46:6.278Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
5/3/2020 - 23:46:6.278Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
5/3/2020 - 23:46:6.372Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
5/3/2020 - 23:46:6.418Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
5/3/2020 - 23:46:6.418Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
5/3/2020 - 23:46:6.418Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
5/3/2020 - 23:46:7.75Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
5/3/2020 - 23:46:7.778Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
5/3/2020 - 23:46:8.153Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
5/3/2020 - 23:46:8.575Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
5/3/2020 - 23:46:8.950Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
5/3/2020 - 23:46:8.950Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
5/3/2020 - 23:46:8.950Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
5/3/2020 - 23:46:9.606Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
5/3/2020 - 23:46:10.309Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
5/3/2020 - 23:46:10.684Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
5/3/2020 - 23:46:11.106Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
5/3/2020 - 23:46:11.481Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
5/3/2020 - 23:46:11.481Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
5/3/2020 - 23:46:11.481Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
5/3/2020 - 23:46:11.622Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
5/3/2020 - 23:46:11.668Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
5/3/2020 - 23:46:11.668Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
5/3/2020 - 23:46:11.668Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
5/3/2020 - 23:46:11.997Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
5/3/2020 - 23:46:12.372Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
5/3/2020 - 23:46:12.372Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
5/3/2020 - 23:46:12.372Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
5/3/2020 - 23:46:12.700Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
5/3/2020 - 23:46:12.981Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
5/3/2020 - 23:46:12.981Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
5/3/2020 - 23:46:12.981Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
5/3/2020 - 23:46:13.356Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
5/3/2020 - 23:46:13.731Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
5/3/2020 - 23:46:13.731Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
5/3/2020 - 23:46:13.731Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
5/3/2020 - 23:46:14.106Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
5/3/2020 - 23:46:14.481Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
5/3/2020 - 23:46:14.481Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
5/3/2020 - 23:46:14.481Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
5/3/2020 - 23:46:14.997Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
5/3/2020 - 23:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
5/3/2020 - 23:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
5/3/2020 - 23:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
5/3/2020 - 23:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
5/3/2020 - 23:46:15.372Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
5/3/2020 - 23:46:15.887Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
5/3/2020 - 23:46:16.356Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
5/3/2020 - 23:46:16.356Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
5/3/2020 - 23:46:16.356Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
5/3/2020 - 23:46:16.356Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
5/3/2020 - 23:46:16.356Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
5/3/2020 - 23:46:16.497Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
5/3/2020 - 23:46:16.590Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
5/3/2020 - 23:46:16.590Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
5/3/2020 - 23:46:16.590Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
5/3/2020 - 23:46:17.12Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
5/3/2020 - 23:46:17.340Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
5/3/2020 - 23:46:17.481Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
5/3/2020 - 23:46:17.575Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
5/3/2020 - 23:46:17.575Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
5/3/2020 - 23:46:17.575Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
5/3/2020 - 23:46:17.950Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
5/3/2020 - 23:46:18.278Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
5/3/2020 - 23:46:18.372Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
5/3/2020 - 23:46:18.372Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
5/3/2020 - 23:46:18.372Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
5/3/2020 - 23:46:18.465Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
5/3/2020 - 23:46:18.465Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
5/3/2020 - 23:46:18.465Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
5/3/2020 - 23:46:18.465Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
5/3/2020 - 23:46:18.559Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
5/3/2020 - 23:46:18.559Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
5/3/2020 - 23:46:18.559Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
5/3/2020 - 23:46:18.559Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
5/3/2020 - 23:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
5/3/2020 - 23:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
5/3/2020 - 23:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
5/3/2020 - 23:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
5/3/2020 - 23:46:18.793Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
5/3/2020 - 23:46:18.887Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
5/3/2020 - 23:46:18.887Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
5/3/2020 - 23:46:18.887Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
5/3/2020 - 23:46:19.28Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
5/3/2020 - 23:46:19.75Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
5/3/2020 - 23:46:19.75Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
5/3/2020 - 23:46:19.75Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
5/3/2020 - 23:46:19.215Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
5/3/2020 - 23:46:19.215Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
5/3/2020 - 23:46:19.215Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
5/3/2020 - 23:46:19.215Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
5/3/2020 - 23:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
5/3/2020 - 23:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
5/3/2020 - 23:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
5/3/2020 - 23:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
5/3/2020 - 23:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
5/3/2020 - 23:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
5/3/2020 - 23:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
5/3/2020 - 23:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
5/3/2020 - 23:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
5/3/2020 - 23:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
5/3/2020 - 23:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
5/3/2020 - 23:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
5/3/2020 - 23:46:19.637Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
5/3/2020 - 23:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
5/3/2020 - 23:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
5/3/2020 - 23:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
5/3/2020 - 23:46:19.918Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
5/3/2020 - 23:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
5/3/2020 - 23:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
5/3/2020 - 23:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
5/3/2020 - 23:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
5/3/2020 - 23:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
5/3/2020 - 23:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
5/3/2020 - 23:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
5/3/2020 - 23:46:20.106Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
5/3/2020 - 23:46:20.106Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
5/3/2020 - 23:46:20.106Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
5/3/2020 - 23:46:20.106Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
5/3/2020 - 23:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
5/3/2020 - 23:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
5/3/2020 - 23:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
5/3/2020 - 23:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
5/3/2020 - 23:46:20.293Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
5/3/2020 - 23:46:20.387Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
5/3/2020 - 23:46:20.528Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
5/3/2020 - 23:46:34.637Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
5/3/2020 - 23:46:34.637Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
5/3/2020 - 23:46:34.637Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
5/3/2020 - 23:46:34.684Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
5/3/2020 - 23:46:34.872Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
5/3/2020 - 23:46:34.872Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
5/3/2020 - 23:46:34.872Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
5/3/2020 - 23:46:35.12Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
5/3/2020 - 23:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
5/3/2020 - 23:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
5/3/2020 - 23:46:35.200Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
5/3/2020 - 23:46:35.340Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
5/3/2020 - 23:46:35.528Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
5/3/2020 - 23:46:35.528Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
5/3/2020 - 23:46:35.528Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
5/3/2020 - 23:46:35.668Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
5/3/2020 - 23:46:35.856Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
5/3/2020 - 23:46:35.856Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
5/3/2020 - 23:46:35.856Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
5/3/2020 - 23:46:36.184Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
5/3/2020 - 23:46:36.418Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
5/3/2020 - 23:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
5/3/2020 - 23:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
5/3/2020 - 23:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
5/3/2020 - 23:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
5/3/2020 - 23:46:37.75Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
5/3/2020 - 23:46:37.75Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
5/3/2020 - 23:46:37.75Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
5/3/2020 - 23:46:37.215Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
5/3/2020 - 23:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
5/3/2020 - 23:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
5/3/2020 - 23:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
5/3/2020 - 23:46:37.684Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
5/3/2020 - 23:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
5/3/2020 - 23:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
5/3/2020 - 23:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
5/3/2020 - 23:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
5/3/2020 - 23:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
5/3/2020 - 23:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
5/3/2020 - 23:46:38.12Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
5/3/2020 - 23:46:38.106Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
5/3/2020 - 23:46:38.106Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
5/3/2020 - 23:46:38.106Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
5/3/2020 - 23:46:38.106Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
5/3/2020 - 23:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
5/3/2020 - 23:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
5/3/2020 - 23:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
5/3/2020 - 23:46:38.200Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
5/3/2020 - 23:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
5/3/2020 - 23:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
5/3/2020 - 23:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
5/3/2020 - 23:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
5/3/2020 - 23:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
5/3/2020 - 23:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
5/3/2020 - 23:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
5/3/2020 - 23:46:38.293Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
5/3/2020 - 23:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
5/3/2020 - 23:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
5/3/2020 - 23:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
5/3/2020 - 23:46:38.387Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
5/3/2020 - 23:46:38.528Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
5/3/2020 - 23:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
5/3/2020 - 23:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
5/3/2020 - 23:46:38.575Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
5/3/2020 - 23:46:38.715Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
5/3/2020 - 23:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
5/3/2020 - 23:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
5/3/2020 - 23:46:38.762Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
5/3/2020 - 23:46:38.903Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
5/3/2020 - 23:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
5/3/2020 - 23:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
5/3/2020 - 23:46:38.950Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
5/3/2020 - 23:46:39.90Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
5/3/2020 - 23:46:39.137Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
5/3/2020 - 23:46:39.137Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
5/3/2020 - 23:46:39.137Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
5/3/2020 - 23:46:39.231Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
5/3/2020 - 23:46:39.325Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
5/3/2020 - 23:46:39.325Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
5/3/2020 - 23:46:39.325Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
5/3/2020 - 23:46:39.418Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
5/3/2020 - 23:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
5/3/2020 - 23:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
5/3/2020 - 23:46:39.512Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
5/3/2020 - 23:46:39.606Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
5/3/2020 - 23:46:39.700Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
5/3/2020 - 23:46:39.700Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
5/3/2020 - 23:46:39.700Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
5/3/2020 - 23:46:39.793Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
5/3/2020 - 23:46:39.887Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
5/3/2020 - 23:46:39.887Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
5/3/2020 - 23:46:39.887Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
5/3/2020 - 23:46:39.981Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
5/3/2020 - 23:46:40.28Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
5/3/2020 - 23:46:40.28Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
5/3/2020 - 23:46:40.28Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
5/3/2020 - 23:46:40.122Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
5/3/2020 - 23:46:40.168Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
5/3/2020 - 23:46:40.168Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
5/3/2020 - 23:46:40.168Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
5/3/2020 - 23:46:40.262Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
5/3/2020 - 23:46:40.309Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
5/3/2020 - 23:46:40.309Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
5/3/2020 - 23:46:40.309Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
5/3/2020 - 23:46:40.403Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
5/3/2020 - 23:46:40.450Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
5/3/2020 - 23:46:40.450Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
5/3/2020 - 23:46:40.450Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
5/3/2020 - 23:46:40.543Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
5/3/2020 - 23:46:40.543Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
5/3/2020 - 23:46:40.543Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
5/3/2020 - 23:46:40.543Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
5/3/2020 - 23:46:40.637Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
5/3/2020 - 23:46:40.637Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
5/3/2020 - 23:46:40.637Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
5/3/2020 - 23:46:40.637Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
5/3/2020 - 23:46:40.778Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
5/3/2020 - 23:46:42.372Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
5/3/2020 - 23:46:42.372Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
5/3/2020 - 23:46:42.372Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
5/3/2020 - 23:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
5/3/2020 - 23:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
5/3/2020 - 23:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
5/3/2020 - 23:46:42.465Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
5/3/2020 - 23:46:42.559Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
5/3/2020 - 23:46:42.559Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
5/3/2020 - 23:46:42.559Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
5/3/2020 - 23:46:42.559Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
5/3/2020 - 23:46:42.653Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
5/3/2020 - 23:46:42.653Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
5/3/2020 - 23:46:42.653Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
5/3/2020 - 23:46:42.653Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
5/3/2020 - 23:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
5/3/2020 - 23:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
5/3/2020 - 23:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
5/3/2020 - 23:46:42.747Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
5/3/2020 - 23:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
5/3/2020 - 23:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
5/3/2020 - 23:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
5/3/2020 - 23:46:42.887Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
5/3/2020 - 23:46:43.28Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
5/3/2020 - 23:46:43.28Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
5/3/2020 - 23:46:43.28Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
5/3/2020 - 23:46:43.28Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
5/3/2020 - 23:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
5/3/2020 - 23:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
5/3/2020 - 23:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
5/3/2020 - 23:46:43.168Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
5/3/2020 - 23:46:43.309Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
5/3/2020 - 23:46:43.309Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
5/3/2020 - 23:46:43.309Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
5/3/2020 - 23:46:43.309Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
5/3/2020 - 23:46:43.403Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
5/3/2020 - 23:46:43.403Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
5/3/2020 - 23:46:43.403Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
5/3/2020 - 23:46:43.403Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
5/3/2020 - 23:46:43.497Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
5/3/2020 - 23:46:43.497Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
5/3/2020 - 23:46:43.497Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
5/3/2020 - 23:46:43.497Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
5/3/2020 - 23:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
5/3/2020 - 23:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
5/3/2020 - 23:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
5/3/2020 - 23:46:43.590Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
5/3/2020 - 23:46:43.684Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
5/3/2020 - 23:46:43.684Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
5/3/2020 - 23:46:43.684Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
5/3/2020 - 23:46:43.684Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
5/3/2020 - 23:46:43.778Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
5/3/2020 - 23:46:43.778Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
5/3/2020 - 23:46:43.778Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
5/3/2020 - 23:46:43.778Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
5/3/2020 - 23:46:43.872Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
5/3/2020 - 23:46:43.872Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
5/3/2020 - 23:46:43.872Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
5/3/2020 - 23:46:43.872Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
5/3/2020 - 23:46:44.12Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
5/3/2020 - 23:46:44.12Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
5/3/2020 - 23:46:44.12Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
5/3/2020 - 23:46:44.12Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
5/3/2020 - 23:46:44.153Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
5/3/2020 - 23:46:44.153Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
5/3/2020 - 23:46:44.153Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
5/3/2020 - 23:46:44.153Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
5/3/2020 - 23:46:44.293Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
5/3/2020 - 23:46:44.293Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
5/3/2020 - 23:46:44.293Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
5/3/2020 - 23:46:44.293Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
5/3/2020 - 23:46:44.434Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
5/3/2020 - 23:46:44.434Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
5/3/2020 - 23:46:44.434Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
5/3/2020 - 23:46:44.434Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
5/3/2020 - 23:46:44.528Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
5/3/2020 - 23:46:44.528Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.528Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
5/3/2020 - 23:46:44.528Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.575Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.622Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.668Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
5/3/2020 - 23:46:44.668Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.715Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.762Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.809Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.856Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.903Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.950Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.997Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
5/3/2020 - 23:46:44.997Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
5/3/2020 - 23:46:44.997Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
5/3/2020 - 23:46:44.997Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
5/3/2020 - 23:46:45.137Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:45.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:45.512Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:45.512Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:45.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
5/3/2020 - 23:46:45.512Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
5/3/2020 - 23:46:45.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:45.700Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
5/3/2020 - 23:46:45.700Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
5/3/2020 - 23:46:45.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:45.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:45.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:45.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:46:45.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:46:45.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:46:45.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:46:46.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:46:46.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:46:46.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:46:46.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:46.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:46:47.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:46:47.528Open1480C:\malware.exeC:\dwmapi.dll
5/3/2020 - 23:46:47.528Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
5/3/2020 - 23:46:47.528Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
5/3/2020 - 23:47:19.90Open1480C:\malware.exeC:\dhcpcsvc.DLL
5/3/2020 - 23:47:19.90Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
5/3/2020 - 23:47:19.90Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
5/3/2020 - 23:47:19.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\CRYPTSP.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\RpcRtRemote.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
5/3/2020 - 23:47:19.418Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
5/3/2020 - 23:47:19.418Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
5/3/2020 - 23:47:19.418Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
5/3/2020 - 23:47:19.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
5/3/2020 - 23:47:19.512Open1480C:\malware.exeC:\DNSAPI.dll
5/3/2020 - 23:47:19.512Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
5/3/2020 - 23:47:19.512Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
5/3/2020 - 23:47:19.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.700Open1480C:\malware.exeC:\rasadhlp.dll
5/3/2020 - 23:47:19.700Open1480C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
5/3/2020 - 23:47:19.700Open1480C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:19.747Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
5/3/2020 - 23:47:19.747Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:19.747Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
5/3/2020 - 23:47:19.747Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
5/3/2020 - 23:47:19.747Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\decisao.zip
5/3/2020 - 23:47:19.747Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
5/3/2020 - 23:47:19.747Delete1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\decisao.zip
5/3/2020 - 23:47:19.747Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\decisao.zip
5/3/2020 - 23:47:19.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:47:19.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:47:19.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\pt-BR\TurixpqLP.resources.dll
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\pt-BR\TurixpqLP.resources\TurixpqLP.resources.dll
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\pt-BR\TurixpqLP.resources.exe
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\pt-BR\TurixpqLP.resources\TurixpqLP.resources.exe
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\malware.exe.Local
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:47:19.809Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:47:19.809Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:47:19.809Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
5/3/2020 - 23:47:19.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
5/3/2020 - 23:47:19.825Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
5/3/2020 - 23:47:19.825Open1480C:\malware.exeC:\pt\TurixpqLP.resources.dll
5/3/2020 - 23:47:19.825Open1480C:\malware.exeC:\pt\TurixpqLP.resources\TurixpqLP.resources.dll
5/3/2020 - 23:47:19.825Open1480C:\malware.exeC:\pt\TurixpqLP.resources.exe
5/3/2020 - 23:47:19.825Open1480C:\malware.exeC:\pt\TurixpqLP.resources\TurixpqLP.resources.exe
5/3/2020 - 23:47:19.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:47:19.872Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:19.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:19.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:19.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\PROPSYS.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\malware.exe.Local
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
5/3/2020 - 23:47:20.12Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\apphelp.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.12Unknown1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.12Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows
5/3/2020 - 23:47:20.12Unknown1480C:\malware.exeC:\Windows
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.12Unknown1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.12Unknown1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.12Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.75Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.75Unknown1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
5/3/2020 - 23:47:20.75Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
5/3/2020 - 23:47:20.75Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\malware.exe.Local
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
5/3/2020 - 23:47:20.75Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
5/3/2020 - 23:47:20.75Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.90Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\desktop.ini
5/3/2020 - 23:47:20.90Read1480C:\malware.exeC:\Users\desktop.ini
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.90Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.90Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:20.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:20.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.90Open1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
5/3/2020 - 23:47:20.90Read1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
5/3/2020 - 23:47:20.153Read1480C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
5/3/2020 - 23:47:20.153Read1480C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
5/3/2020 - 23:47:20.153Read1480C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.153Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.153Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
5/3/2020 - 23:47:20.168Read1480C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
5/3/2020 - 23:47:20.168Read1480C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot\Music\desktop.ini
5/3/2020 - 23:47:20.168Read1480C:\malware.exeC:\Users\Behemot\Music\desktop.ini
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
5/3/2020 - 23:47:20.168Read1480C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
5/3/2020 - 23:47:20.168Read1480C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot\Links\desktop.ini
5/3/2020 - 23:47:20.168Read1480C:\malware.exeC:\Users\Behemot\Links\desktop.ini
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
5/3/2020 - 23:47:20.168Read1480C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Windows
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Windows
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.168Unknown1480C:\malware.exeC:\Windows\SysWOW64
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.168Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Read1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Read1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.372Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.372Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\System32\propsys.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
5/3/2020 - 23:47:20.372Open1480C:\malware.exeC:\Windows\System32\propsys.dll
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Secur32.dll
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\api-ms-win-downlevel-advapi32-l2-1-0.dll
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe:Zone.Identifier
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\ui\SwDRM.dll
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\Prefetch\ZANGIEF.EXE-6F0C3523.pf
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\System32\wow64.dll
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\System32\wow64.dll
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\System32\wow64win.dll
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\System32\wow64win.dll
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\System32\wow64cpu.dll
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\System32\wow64cpu.dll
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\System32\wow64log.dll
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows
5/3/2020 - 23:47:20.590Unknown2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows
5/3/2020 - 23:47:20.590Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\sechost.dll
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\sechost.dll
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\imm32.dll
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\imm32.dll
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\imm32.dll
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\imm32.dll
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\imm32.dll
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\imm32.dll
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\tzres.dll
5/3/2020 - 23:47:20.809Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\tzres.dll
5/3/2020 - 23:47:20.825Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\tzres.dll
5/3/2020 - 23:47:20.825Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows\SysWOW64\tzres.dll
5/3/2020 - 23:47:20.825Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Users\Behemot\AppData\Roaming\Fantasy\decisao.zip
5/3/2020 - 23:47:20.825Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Users\Behemot\AppData\Roaming\Fantasy\decisao.zip
5/3/2020 - 23:47:20.825Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Users\Behemot\AppData\Roaming\Fantasy\decisao.zip.zip
5/3/2020 - 23:47:20.825Open2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Users\Behemot\AppData\Roaming\Fantasy\decisao.zip.zip
5/3/2020 - 23:47:20.825Unknown2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Windows
5/3/2020 - 23:47:20.825Unknown2924C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:22.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:22.559Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
5/3/2020 - 23:47:22.559Delete1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:22.559Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:22.559Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:22.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\decisao.zip
5/3/2020 - 23:47:27.575Open1480C:\malware.exeC:\Monitor
5/3/2020 - 23:47:27.575Unknown1480C:\malware.exeC:\Monitor
5/3/2020 - 23:47:27.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\jopx.exe
5/3/2020 - 23:47:27.575Open1480C:\malware.exeC:\
5/3/2020 - 23:47:27.575Unknown1480C:\malware.exeC:\
5/3/2020 - 23:47:27.575Open1480C:\malware.exeC:\Users
5/3/2020 - 23:47:27.575Unknown1480C:\malware.exeC:\Users
5/3/2020 - 23:47:27.575Open1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:27.575Unknown1480C:\malware.exeC:\Users\Behemot
5/3/2020 - 23:47:27.575Open1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:27.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData
5/3/2020 - 23:47:27.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:27.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
5/3/2020 - 23:47:27.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:27.575Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy
5/3/2020 - 23:47:27.575Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Fantasy\jopx.exe
5/3/2020 - 23:47:27.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:27.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:27.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:27.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:27.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:27.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:27.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:27.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:27.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.325Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:28.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:28.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:28.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.418Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.418Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.418Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.465Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.559Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.606Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.653Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:28.653Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
5/3/2020 - 23:47:28.653Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.653Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.653Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.653Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.653Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.653Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.653Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.700Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.793Open1480C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
5/3/2020 - 23:47:28.793Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
5/3/2020 - 23:47:28.793Open1480C:\malware.exeC:\Windows\assembly\GAC\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
5/3/2020 - 23:47:28.793Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.793Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.dll
5/3/2020 - 23:47:28.793Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources.exe
5/3/2020 - 23:47:28.793Open1480C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.exe
5/3/2020 - 23:47:28.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:28.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:29.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:47:29.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:29.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:29.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:29.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:29.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:29.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:29.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:29.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:29.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:29.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:29.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:29.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
5/3/2020 - 23:47:29.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
5/3/2020 - 23:47:29.856Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:29.856Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
5/3/2020 - 23:47:29.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:29.903Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:29.950Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:29.997Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.43Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.90Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
5/3/2020 - 23:47:30.90Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.90Open1480C:\malware.exeC:\malware.exe.Local
5/3/2020 - 23:47:30.90Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:47:30.90Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:47:30.90Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5/3/2020 - 23:47:30.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
5/3/2020 - 23:47:30.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
5/3/2020 - 23:47:30.153Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
5/3/2020 - 23:47:30.200Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb
5/3/2020 - 23:47:30.200Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
5/3/2020 - 23:47:30.247Open1480C:\malware.exeC:\Windows\symbols\dll\System.pdb
5/3/2020 - 23:47:30.247Open1480C:\malware.exeC:\Windows\dll\System.pdb
5/3/2020 - 23:47:30.247Open1480C:\malware.exeC:\Windows\System.pdb
5/3/2020 - 23:47:30.247Open1480C:\malware.exeC:\malware.PDB
5/3/2020 - 23:47:30.293Open1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Read1480C:\malware.exeC:\malware.exe
5/3/2020 - 23:47:30.293Open1480C:\malware.exeC:\TurixpqLP.pdb
5/3/2020 - 23:47:30.293Open1480C:\malware.exeC:\Windows\symbols\exe\TurixpqLP.pdb
5/3/2020 - 23:47:30.293Open1480C:\malware.exeC:\Windows\exe\TurixpqLP.pdb
5/3/2020 - 23:47:30.293Open1480C:\malware.exeC:\Windows\TurixpqLP.pdb
5/3/2020 - 23:47:30.293Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
5/3/2020 - 23:47:30.340Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb
5/3/2020 - 23:47:30.340Open1480C:\malware.exeC:\Windows\symbols\dll\mscorlib.pdb
5/3/2020 - 23:47:30.340Open1480C:\malware.exeC:\Windows\dll\mscorlib.pdb
5/3/2020 - 23:47:30.340Open1480C:\malware.exeC:\Windows\mscorlib.pdb
5/3/2020 - 23:47:30.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
5/3/2020 - 23:47:30.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb
5/3/2020 - 23:47:30.340Open1480C:\malware.exeC:\Windows\symbols\dll\System.Windows.Forms.pdb
5/3/2020 - 23:47:30.340Open1480C:\malware.exeC:\Windows\dll\System.Windows.Forms.pdb
5/3/2020 - 23:47:30.340Open1480C:\malware.exeC:\Windows\System.Windows.Forms.pdb
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
5/3/2020 - 23:47:30.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll

Process
Trace
5/3/2020 - 23:47:20.543 | Create | 1480 | C:\malware.exe | 2924 | C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe
5/3/2020 - 23:47:20.825 | Terminate | 1480 | C:\malware.exe | 2924 | C:\Users\Behemot\AppData\Roaming\Fantasy\zangief.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
5/3/2020 - 23:46:0.809 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\GDIPlus | FontCachePath
5/3/2020 - 23:47:18.809 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | EnableFileTracing
5/3/2020 - 23:47:18.809 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | EnableConsoleTracing
5/3/2020 - 23:47:18.809 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | FileTracingMask
5/3/2020 - 23:47:18.809 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | ConsoleTracingMask
5/3/2020 - 23:47:18.809 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | MaxFileSize
5/3/2020 - 23:47:18.809 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | FileDirectory
5/3/2020 - 23:47:18.872 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | EnableFileTracing
5/3/2020 - 23:47:18.872 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | EnableConsoleTracing
5/3/2020 - 23:47:18.872 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | FileTracingMask
5/3/2020 - 23:47:18.872 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | ConsoleTracingMask
5/3/2020 - 23:47:18.872 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | MaxFileSize
5/3/2020 - 23:47:18.872 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | FileDirectory
5/3/2020 - 23:47:20.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
5/3/2020 - 23:47:20.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
5/3/2020 - 23:47:20.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
5/3/2020 - 23:47:20.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
5/3/2020 - 23:47:20.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
5/3/2020 - 23:47:20.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
5/3/2020 - 23:47:20.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
5/3/2020 - 23:47:20.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True

DNS
Query
localhost -> gateway:50273: bradesinfomail.com.br.
localhost -> gateway:DNS: bradesinfomail.com.br.

Response

TCP
Info

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
False

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 59.08%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 93.03%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 60.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 80.10%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.20%
suspicious: False
