Report #9189

  • Creation Date: March 10, 2020, 4:35 p.m.
  • Last Update: March 11, 2020, 1:26 a.m.
  • File: adobe.exe
  • Results:
Binary
DLL
False cancel
Size
813.50KB
trid
44.5% Generic CIL Executable
18.9% Win32 Executable MS Visual C++
16.8% Win64 Executable
7.9% Windows screen saver
4.0% Win32 Dynamic Link Library
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
395bcc19b1469ad33e6880680c5aec8e
sha1
681d44431d80b30aa3a8d49d739caeb43fccb812
crc32
0x17952d76
sha224
eb5165bd5bcee1515d41dc249b91c0c0d09933c33c384dc78fe421a8
sha256
68fa21af1a4a6f490b03fad0373a55182527596c284dc18cb175c5a42fdc0243
sha384
5c10e5432fb6aea424eda840cf3b74396fadacb56590dedb9522d89bd92c4bcc8eb01978fed80833da8a51c8a5fbcead
sha512
7fd8c4938269d89bb9e4fb226e32ffc3b495302a1ce43386bf20bb915507e8265c95f7ebf7e630de78c6662b09c7edba03ff258fc1dca83c350df7e0bd592ccd
ssdeep
12288:wMHMEMgfeb9or7Heb9or7Heb9or7Heb9or79GNl5cCCCkbdokLPArT:TsPgtttmSCCCGFUf
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, screenshot, Microsoft_Visual_Studio_NET_additional, HasDebugData, Dropper_Strings, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, url, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True check_circle

Strings
List
http://associacaosecuritaria.com.br/wp-content/plugins/BoxTheme/ler.php
https://www2.bancobrasil.com.br/aapf/
WScript.Shell
c:\windows\system32\ieframe.dll
Data Source=mssql05.redehost.com.br,5003;Initial Catalog=bdsubway;User ID=bdsubway;Password=subway102030
F:\g0lp3 Key\g0lp3 Key\obj\Release\g0lp3 Key 2.pdb
My.Computer
System.IO
System.Management
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
rie final xxx.xxx.
System.ComponentModel.Design
W.Ye
sys32.My
q.tV
windows32.dll
SELECT bloq FROM dbo.azul WHERE id ='
SELECT fun, x, y, texto FROM dbo.azul WHERE id ='
4System.Web.Services.Protocols.SoapHttpClientProtocol
1.0.0.0
g0lp3 Key 2.exe
2.0.0.0
8.0.0.0
2.0.0.0
2.0.0.0
9.0.0.0
2.0.0.0
con2
DelegateCallback
System.Windows.Forms.Form
R,az%p!sN
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\winlogon
3System.Resources.Tools.StronglyTypedResourceBuilder
RdEb
DelegateAsyncResult
Delegate
DelegateAsyncState
MulticastDelegate
UPDATE dbo.azul SET assinatura = @assinatura WHERE id ='
UPDATE dbo.azul SET desktop = @desktop, fun = @fun WHERE id ='
System.Windows.Forms
UPDATE dbo.azul SET fun = @fun, y = @y, x = @x, texto = @texto WHERE id ='
UPDATE dbo.azul SET status = @status WHERE id ='
UPDATE dbo.azul SET img = @img WHERE id ='
UPDATE dbo.azul SET fun = @fun WHERE id ='
INSERT INTO dbo.azul (id) VALUES (@id)
UPDATE dbo.azul SET fun = @fun, y = @y, x = @x WHERE id ='
UPDATE dbo.idt SET id = @id, casa = @casa
SW_HIDE
NETSCAPE2.0
mscoree.dll
_WebBrowser1
add_Shutdown
sys32.ScreenShot
set_WebBrowser1
get_WebBrowser1
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Foremost
Matches
178.gif, 9 KB, 447.gif, 1 KB, 652.gif, 664 B, 772.gif, 4 KB, 0.exe, 813 KB, 4.png, 24 KB, 53.png, 24 KB, 102.png, 7 KB, 118.png, 24 KB, 167.png, 2 KB, 173.png, 1001 B, 175.png, 1 KB, 197.png, 658 B, 199.png, 503 B, 203.png, 30 KB, 264.png, 30 KB, 325.png, 30 KB, 386.png, 30 KB, 447.png, 201 B, 451.png, 961 B, 453.png, 490 B, 454.png, 981 B, 456.png, 2 KB, 462.png, 14 KB, 491.png, 476 B, 492.png, 961 B, 494.png, 961 B, 497.png, 406 B, 498.png, 6 KB, 511.png, 1 KB, 517.png, 9 KB, 536.png, 14 KB, 565.png, 14 KB, 594.png, 14 KB, 623.png, 14 KB, 654.png, 4 KB, 663.png, 3 KB, 670.png, 15 KB, 702.png, 974 B, 704.png, 3 KB, 711.png, 4 KB, 720.png, 3 KB, 727.png, 3 KB, 735.png, 9 KB, 754.png, 9 KB, 782.png, 773 B, 784.png, 652 B, 785.png, 3 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: http://associacaosecuritaria.com.br/wp-content/plugins/boxtheme/ler.php, https://www2.bancobrasil.com.br/aapf/
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: http://associacaosecuritaria.com.br/wp-content/plugins/BoxTheme/ler.php, windows32.dll, c:\windows\system32\ieframe.dll, user32.dll, mscoree.dll, gdi32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 299008
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .sdata, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 8.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 540942
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: user32.dll, mscoree.dll, gdi32.dll
hasLibs: True check_circle
Suspicious: windows32.dll, c:\windows\system32\ieframe.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2013-12-31 00:44:01
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 9
.text: 176

pushpopmath
.rsrc: 1
.text: 177
.sdata: 1

ss register
.text: 4

garbagebytes
.rsrc: 5
.text: 78

hookdetection
.text: 11

software breakpoint
.text: 6

fakeconditionaljumps
.text: 5

programcontrolflowchange
.rsrc: 5
.text: 75

cpuinstructionsresultscomparison
.text: 74

AVclass
sysn
1
VirusTotal
md5
395bcc19b1469ad33e6880680c5aec8e
sha1
681d44431d80b30aa3a8d49d739caeb43fccb812
SCANS (DETECTION RATE = 74.60%)
AVG
result: Win32:Malware-gen
update: 20180323
version: 18.2.3827.0
detected: True check_circle

CMC
result: Trojan-Dropper.Win32.Sysn!O
update: 20180323
version: 1.1.0.977
detected: True check_circle

MAX
result: malware (ai score=82)
update: 20180323
version: 2017.11.15.1
detected: True check_circle

Bkav
update: 20180322
version: 1.3.0.9466
detected: False cancel

K7GW
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26597
detected: True check_circle

ALYac
result: Gen:Variant.Razy.9712
update: 20180323
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20180323
version: 18.2.3827.0
detected: True check_circle

Avira
result: TR/Strictor.44824.6
update: 20180323
version: 8.3.3.6
detected: True check_circle

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9566
update: 20180323
version: 1.0.0.2
detected: True check_circle

Cyren
result: W32/GenBl.395BCC19!Olympus
update: 20180323
version: 5.4.30.7
detected: True check_circle

DrWeb
result: Trojan.Siggen6.7898
update: 20180323
version: 7.0.28.2020
detected: True check_circle

GData
result: Gen:Variant.Razy.9712
update: 20180323
version: A:25.16481B:25.11861
detected: True check_circle

Panda
result: Trj/CI.A
update: 20180323
version: 4.6.4.2
detected: True check_circle

VBA32
result: TrojanDropper.Sysn
update: 20180323
version: 3.12.28.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65478
detected: True check_circle

Zoner
update: 20180323
version: 1.0
detected: False cancel

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True check_circle

ClamAV
update: 20180323
version: 0.99.2.0
detected: False cancel

Comodo
result: UnclassifiedMalware
update: 20180323
version: 28733
detected: True check_circle

F-Prot
update: 20180323
version: 4.7.1.166
detected: False cancel

McAfee
result: GenericR-DBJ!395BCC19B146
update: 20180323
version: 6.0.6.653
detected: True check_circle

Rising
result: Spyware.Banker!8.8D (TFE:D:1uM58ivR15N)
update: 20180323
version: 25.0.0.1
detected: True check_circle

Sophos
result: Mal/Generic-S
update: 20180323
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.DR.Sysn!
update: 20180323
version: 5.5.1.3
detected: True check_circle

Arcabit
result: Trojan.Razy.D25F0
update: 20180323
version: 1.0.0.831
detected: True check_circle

Cylance
result: Unsafe
update: 20180323
version: 2.3.1.101
detected: True check_circle

Endgame
update: 20180316
version: 2.0.5
detected: False cancel

Tencent
result: Win32.Trojan-dropper.Sysn.Lked
update: 20180323
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False cancel

eGambit
update: 20180323
version: v4.3.5
detected: False cancel

Ad-Aware
result: Gen:Variant.Razy.9712
update: 20180323
version: 3.0.3.1010
detected: True check_circle

AegisLab
result: Troj.Dropper.W32.Sysn.abdy!c
update: 20180323
version: 4.2
detected: True check_circle

Emsisoft
result: Gen:Variant.Razy.9712 (B)
update: 20180323
version: 4.0.2.899
detected: True check_circle

F-Secure
result: Gen:Variant.Razy.9712
update: 20180323
version: 11.0.19100.45
detected: True check_circle

Fortinet
result: W32/Sysn.ABDY!tr
update: 20180323
version: 5.4.247.0
detected: True check_circle

Invincea
update: 20180121
version: 6.3.4.26036
detected: False cancel

Jiangmin
result: TrojanDropper.Sysn.drh
update: 20180323
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20180323
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20180323
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen
update: 20180323
version: 1.5.0.0
detected: True check_circle

nProtect
update: 20180323
version: 2018-03-23.02
detected: False cancel

AhnLab-V3
result: Trojan/Win32.Agent.C310016
update: 20180323
version: 3.12.0.20130
detected: True check_circle

Antiy-AVL
result: Trojan[Dropper]/Win32.Sysn
update: 20180323
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan-Dropper.Win32.Sysn.abdy
update: 20180323
version: 15.0.1.13
detected: True check_circle

Microsoft
update: 20180323
version: 1.1.14600.4
detected: False cancel

Qihoo-360
result: Win32/Trojan.f6b
update: 20180323
version: 1.0.0.1120
detected: True check_circle

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False cancel

ZoneAlarm
result: Trojan-Dropper.Win32.Sysn.abdy
update: 20180323
version: 1.0
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Spy.Banker.BF
update: 20180323
version: 17107
detected: True check_circle

TrendMicro
result: TROJ_DROPPE.ALL
update: 20180323
version: 9.862.0.1074
detected: True check_circle

BitDefender
result: Gen:Variant.Razy.9712
update: 20180323
version: 7.2
detected: True check_circle

CrowdStrike
result: malicious_confidence_80% (W)
update: 20170201
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26598
detected: True check_circle

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False cancel

Avast-Mobile
update: 20180323
version: 180323-04
detected: False cancel

Malwarebytes
update: 20180323
version: 2.1.1.1115
detected: False cancel

TotalDefense
result: Win32/Sisron.WLLKZL
update: 20180323
version: 37.1.62.1
detected: True check_circle

CAT-QuickHeal
result: Trojan.Sisron
update: 20180323
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Sysn.dkkowc
update: 20180323
version: 1.0.100.22043
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Razy.9712
update: 20180323
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20180323
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: GenericR-DBJ!395BCC19B146
update: 20180323
version: v2015
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_DROPPE.ALL
update: 20180323
version: 9.950.0.1006
detected: True check_circle

total
63
sha256
68fa21af1a4a6f490b03fad0373a55182527596c284dc18cb175c5a42fdc0243
scan_id
68fa21af1a4a6f490b03fad0373a55182527596c284dc18cb175c5a42fdc0243-1521844377
resource
395bcc19b1469ad33e6880680c5aec8e
positives
47
scan_date
2018-03-23 22:32:57
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
11/3/2020 - 0:45:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:48.106Open1480C:\malware.exeC:\Windows\System32\l_intl.nls
11/3/2020 - 0:45:48.200Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:45:48.200Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:45:48.340Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
11/3/2020 - 0:45:48.340Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
11/3/2020 - 0:45:48.340Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
11/3/2020 - 0:45:48.340Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 0:45:48.340Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
11/3/2020 - 0:45:48.340Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 0:45:48.340Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 0:45:48.340Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 0:45:48.340Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 0:45:48.340Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 0:45:48.340Open1480C:\malware.exeC:\Windows\assembly\GAC_64\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 0:45:48.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 0:45:48.528Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 0:45:48.528Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 0:45:48.575Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.575Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 0:45:48.575Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.622Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.668Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.715Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.762Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.856Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.903Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 0:45:48.950Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 0:45:48.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:48.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 0:45:49.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 0:45:49.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 0:45:49.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:49.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:49.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:49.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:45:49.653Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
11/3/2020 - 0:45:49.700Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
11/3/2020 - 0:45:49.840Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
11/3/2020 - 0:45:49.840Open1480C:\malware.exeC:\malware.exe.Local
11/3/2020 - 0:45:49.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
11/3/2020 - 0:45:49.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
11/3/2020 - 0:45:49.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
11/3/2020 - 0:45:49.856Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\VERSION.dll
11/3/2020 - 0:45:49.856Open1480C:\malware.exeC:\VERSION.dll
11/3/2020 - 0:45:49.856Open1480C:\malware.exeC:\Windows\System32\version.dll
11/3/2020 - 0:45:49.856Open1480C:\malware.exeC:\Windows\System32\version.dll
11/3/2020 - 0:45:49.856Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 0:45:49.856Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.856Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.856Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 0:45:49.856Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.856Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:45:49.856Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
11/3/2020 - 0:45:49.997Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:49.997Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
11/3/2020 - 0:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:50.793Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
11/3/2020 - 0:45:50.934Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:50.934Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dll
11/3/2020 - 0:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:50.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:51.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:51.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:51.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:51.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:51.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:51.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:51.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:51.356Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.497Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.497Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:51.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:52.856Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/3/2020 - 0:45:53.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/3/2020 - 0:45:53.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:54.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/3/2020 - 0:45:54.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/3/2020 - 0:45:54.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:54.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:54.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:54.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:54.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:54.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:54.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 0:45:54.637Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 0:45:54.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:54.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:54.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:54.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:54.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:54.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:54.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:54.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:55.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:55.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:55.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:56.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:45:56.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:45:56.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:45:56.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:6.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:6.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:7.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:7.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:7.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:46:7.247Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:46:7.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:7.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:7.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:7.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:7.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:7.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:8.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:8.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:8.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:8.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:8.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:8.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:8.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:8.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:8.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:9.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\18ced6ed857be609f5d3c9b01166aa31\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 0:46:9.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:9.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:10.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:10.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:10.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:10.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:10.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:10.950Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
11/3/2020 - 0:46:11.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/3/2020 - 0:46:11.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 0:46:11.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 0:46:11.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 0:46:11.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:46:11.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:11.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll
11/3/2020 - 0:46:11.403Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089
11/3/2020 - 0:46:11.403Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:11.403Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
11/3/2020 - 0:46:11.403Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:46:11.403Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:46:11.403Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:46:13.762Open1480C:\malware.exeC:\Windows\System32\ieframe.dll
11/3/2020 - 0:46:13.762Open1480C:\malware.exeC:\Windows\System32\ieframe.dll
11/3/2020 - 0:46:13.762Open1480C:\malware.exeC:\Windows\System32\ieframe.dll
11/3/2020 - 0:46:13.762Open1480C:\malware.exeC:\Windows\System32\ieframe.dll
11/3/2020 - 0:46:13.762Open1480C:\malware.exeC:\Windows\System32\ieframe.dll
11/3/2020 - 0:46:13.762Open1480C:\malware.exeC:\Windows\System32\pt-BR\KernelBase.dll.mui
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:13.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:13.950Open1480C:\malware.exeC:\RichEd20.DLL
11/3/2020 - 0:46:13.950Open1480C:\malware.exeC:\Windows\System32\riched20.dll
11/3/2020 - 0:46:13.950Open1480C:\malware.exeC:\Windows\System32\riched20.dll
11/3/2020 - 0:46:14.278Open1480C:\malware.exeC:\Windows\System32\riched20.dll
11/3/2020 - 0:46:14.278Open1480C:\malware.exeC:\Windows\System32\riched20.dll
11/3/2020 - 0:46:14.278Open1480C:\malware.exeC:\Windows\System32\riched20.dll
11/3/2020 - 0:46:14.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:14.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:14.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:46:14.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:14.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:15.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:15.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:15.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:15.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:15.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:15.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:15.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:15.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:46:15.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:46:15.450Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\Gdiplus.dll
11/3/2020 - 0:46:15.450Open1480C:\malware.exeC:\malware.exe.Local
11/3/2020 - 0:46:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
11/3/2020 - 0:46:15.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
11/3/2020 - 0:46:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8
11/3/2020 - 0:46:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll
11/3/2020 - 0:46:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll
11/3/2020 - 0:46:15.450Open1480C:\malware.exeC:\ShFolder.DLL
11/3/2020 - 0:46:15.450Open1480C:\malware.exeC:\Windows\System32\shfolder.dll
11/3/2020 - 0:46:15.450Open1480C:\malware.exeC:\Windows\System32\shfolder.dll
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 0:46:15.465Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 0:46:15.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Windows\System32\GDIPFONTCACHEV1.DAT
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 0:46:15.465Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 0:46:15.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 0:46:15.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/3/2020 - 0:46:15.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 0:46:15.465Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 0:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/3/2020 - 0:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/3/2020 - 0:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/3/2020 - 0:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/3/2020 - 0:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/3/2020 - 0:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/3/2020 - 0:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/3/2020 - 0:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 0:46:15.497Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 0:46:15.512Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 0:46:15.840Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 0:46:15.887Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 0:46:15.934Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 0:46:15.934Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/3/2020 - 0:46:15.934Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/3/2020 - 0:46:15.934Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/3/2020 - 0:46:16.75Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/3/2020 - 0:46:16.122Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/3/2020 - 0:46:16.122Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/3/2020 - 0:46:16.122Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/3/2020 - 0:46:16.215Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/3/2020 - 0:46:16.262Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/3/2020 - 0:46:16.262Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/3/2020 - 0:46:16.262Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/3/2020 - 0:46:16.403Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/3/2020 - 0:46:16.450Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/3/2020 - 0:46:16.450Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/3/2020 - 0:46:16.450Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/3/2020 - 0:46:16.590Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/3/2020 - 0:46:16.637Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/3/2020 - 0:46:16.637Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/3/2020 - 0:46:16.637Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/3/2020 - 0:46:16.731Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/3/2020 - 0:46:16.731Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/3/2020 - 0:46:16.731Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/3/2020 - 0:46:16.731Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/3/2020 - 0:46:16.825Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/3/2020 - 0:46:16.825Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/3/2020 - 0:46:16.825Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/3/2020 - 0:46:16.825Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/3/2020 - 0:46:16.918Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/3/2020 - 0:46:16.918Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/3/2020 - 0:46:16.918Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/3/2020 - 0:46:16.918Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/3/2020 - 0:46:17.59Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/3/2020 - 0:46:17.59Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/3/2020 - 0:46:17.59Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/3/2020 - 0:46:17.59Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/3/2020 - 0:46:17.200Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/3/2020 - 0:46:17.247Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/3/2020 - 0:46:17.247Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/3/2020 - 0:46:17.247Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/3/2020 - 0:46:17.340Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/3/2020 - 0:46:17.387Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/3/2020 - 0:46:17.387Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/3/2020 - 0:46:17.387Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/3/2020 - 0:46:17.481Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/3/2020 - 0:46:17.481Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/3/2020 - 0:46:17.481Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/3/2020 - 0:46:17.481Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/3/2020 - 0:46:17.575Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/3/2020 - 0:46:17.575Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 0:46:17.575Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 0:46:17.575Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 0:46:18.137Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 0:46:18.606Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 0:46:18.653Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 0:46:18.700Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 0:46:18.700Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/3/2020 - 0:46:18.700Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/3/2020 - 0:46:18.700Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/3/2020 - 0:46:18.793Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/3/2020 - 0:46:18.793Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/3/2020 - 0:46:18.793Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/3/2020 - 0:46:18.793Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/3/2020 - 0:46:18.934Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/3/2020 - 0:46:18.934Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/3/2020 - 0:46:18.934Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/3/2020 - 0:46:18.934Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/3/2020 - 0:46:19.28Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/3/2020 - 0:46:19.28Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/3/2020 - 0:46:19.28Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/3/2020 - 0:46:19.28Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/3/2020 - 0:46:19.122Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/3/2020 - 0:46:19.168Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/3/2020 - 0:46:19.168Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/3/2020 - 0:46:19.168Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/3/2020 - 0:46:19.262Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/3/2020 - 0:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/3/2020 - 0:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/3/2020 - 0:46:19.309Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/3/2020 - 0:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/3/2020 - 0:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/3/2020 - 0:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/3/2020 - 0:46:19.403Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/3/2020 - 0:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/3/2020 - 0:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/3/2020 - 0:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/3/2020 - 0:46:19.497Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/3/2020 - 0:46:19.590Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/3/2020 - 0:46:19.637Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/3/2020 - 0:46:19.637Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/3/2020 - 0:46:19.637Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/3/2020 - 0:46:19.731Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/3/2020 - 0:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/3/2020 - 0:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/3/2020 - 0:46:19.778Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/3/2020 - 0:46:19.872Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/3/2020 - 0:46:19.872Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/3/2020 - 0:46:19.872Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/3/2020 - 0:46:19.872Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/3/2020 - 0:46:19.965Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/3/2020 - 0:46:19.965Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/3/2020 - 0:46:19.965Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/3/2020 - 0:46:19.965Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/3/2020 - 0:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/3/2020 - 0:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/3/2020 - 0:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/3/2020 - 0:46:20.59Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/3/2020 - 0:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/3/2020 - 0:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/3/2020 - 0:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/3/2020 - 0:46:20.153Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/3/2020 - 0:46:20.247Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/3/2020 - 0:46:20.293Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 0:46:20.293Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 0:46:20.293Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 0:46:20.575Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 0:46:20.715Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/3/2020 - 0:46:20.715Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/3/2020 - 0:46:20.715Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/3/2020 - 0:46:20.997Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/3/2020 - 0:46:21.137Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/3/2020 - 0:46:21.137Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/3/2020 - 0:46:21.137Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/3/2020 - 0:46:21.278Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/3/2020 - 0:46:21.325Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/3/2020 - 0:46:21.325Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/3/2020 - 0:46:21.325Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/3/2020 - 0:46:21.418Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/3/2020 - 0:46:21.465Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/3/2020 - 0:46:46.465Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/3/2020 - 0:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/3/2020 - 0:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/3/2020 - 0:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/3/2020 - 0:46:46.559Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/3/2020 - 0:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/3/2020 - 0:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/3/2020 - 0:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/3/2020 - 0:46:46.653Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/3/2020 - 0:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/3/2020 - 0:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/3/2020 - 0:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/3/2020 - 0:46:46.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/3/2020 - 0:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/3/2020 - 0:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/3/2020 - 0:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/3/2020 - 0:46:46.840Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/3/2020 - 0:46:46.934Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/3/2020 - 0:46:46.934Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/3/2020 - 0:46:46.934Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/3/2020 - 0:46:46.934Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/3/2020 - 0:46:47.28Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/3/2020 - 0:46:47.28Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/3/2020 - 0:46:47.28Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/3/2020 - 0:46:47.28Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/3/2020 - 0:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/3/2020 - 0:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/3/2020 - 0:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/3/2020 - 0:46:47.122Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/3/2020 - 0:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/3/2020 - 0:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/3/2020 - 0:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/3/2020 - 0:46:47.215Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/3/2020 - 0:46:47.309Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/3/2020 - 0:46:47.309Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/3/2020 - 0:46:47.309Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/3/2020 - 0:46:47.309Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/3/2020 - 0:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/3/2020 - 0:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/3/2020 - 0:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/3/2020 - 0:46:47.403Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/3/2020 - 0:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/3/2020 - 0:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/3/2020 - 0:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/3/2020 - 0:46:47.497Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/3/2020 - 0:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/3/2020 - 0:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/3/2020 - 0:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/3/2020 - 0:46:47.590Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/3/2020 - 0:46:47.684Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/3/2020 - 0:46:47.684Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/3/2020 - 0:46:47.684Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/3/2020 - 0:46:47.684Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/3/2020 - 0:46:47.778Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/3/2020 - 0:46:47.778Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/3/2020 - 0:46:47.778Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/3/2020 - 0:46:47.778Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/3/2020 - 0:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/3/2020 - 0:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/3/2020 - 0:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/3/2020 - 0:46:47.872Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/3/2020 - 0:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/3/2020 - 0:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/3/2020 - 0:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/3/2020 - 0:46:47.965Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/3/2020 - 0:46:48.59Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/3/2020 - 0:46:48.59Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/3/2020 - 0:46:48.59Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/3/2020 - 0:46:48.59Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/3/2020 - 0:46:48.153Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/3/2020 - 0:46:48.153Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/3/2020 - 0:46:48.153Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/3/2020 - 0:46:48.153Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/3/2020 - 0:46:48.247Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/3/2020 - 0:46:48.247Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/3/2020 - 0:46:48.247Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/3/2020 - 0:46:48.247Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/3/2020 - 0:46:48.340Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/3/2020 - 0:46:48.340Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/3/2020 - 0:46:48.340Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/3/2020 - 0:46:48.340Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/3/2020 - 0:46:48.434Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/3/2020 - 0:46:48.434Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/3/2020 - 0:46:48.434Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/3/2020 - 0:46:48.434Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/3/2020 - 0:46:48.528Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/3/2020 - 0:46:48.528Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/3/2020 - 0:46:48.528Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/3/2020 - 0:46:48.528Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/3/2020 - 0:46:48.622Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/3/2020 - 0:46:48.622Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/3/2020 - 0:46:48.622Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/3/2020 - 0:46:48.622Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/3/2020 - 0:46:48.715Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/3/2020 - 0:46:48.715Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/3/2020 - 0:46:48.715Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/3/2020 - 0:46:48.715Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/3/2020 - 0:46:48.809Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/3/2020 - 0:46:48.809Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/3/2020 - 0:46:48.809Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/3/2020 - 0:46:48.809Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/3/2020 - 0:46:48.903Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/3/2020 - 0:46:48.903Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/3/2020 - 0:46:48.903Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/3/2020 - 0:46:48.903Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/3/2020 - 0:46:48.997Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/3/2020 - 0:46:48.997Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/3/2020 - 0:46:48.997Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/3/2020 - 0:46:48.997Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/3/2020 - 0:46:49.90Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/3/2020 - 0:46:49.90Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/3/2020 - 0:46:49.90Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/3/2020 - 0:46:49.90Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/3/2020 - 0:46:49.184Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/3/2020 - 0:46:49.184Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/3/2020 - 0:46:49.184Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/3/2020 - 0:46:49.184Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/3/2020 - 0:46:49.278Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/3/2020 - 0:46:49.278Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/3/2020 - 0:46:49.278Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/3/2020 - 0:46:49.278Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/3/2020 - 0:46:49.372Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/3/2020 - 0:46:49.372Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/3/2020 - 0:46:49.372Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/3/2020 - 0:46:49.372Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/3/2020 - 0:46:49.465Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/3/2020 - 0:46:49.465Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/3/2020 - 0:46:49.465Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/3/2020 - 0:46:49.465Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/3/2020 - 0:46:49.747Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/3/2020 - 0:46:49.934Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/3/2020 - 0:46:49.934Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/3/2020 - 0:46:49.934Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/3/2020 - 0:46:50.75Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/3/2020 - 0:46:50.75Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/3/2020 - 0:46:50.75Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/3/2020 - 0:46:50.75Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/3/2020 - 0:46:50.75Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/3/2020 - 0:46:50.75Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/3/2020 - 0:46:50.75Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/3/2020 - 0:46:50.75Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/3/2020 - 0:46:50.122Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/3/2020 - 0:46:50.309Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/3/2020 - 0:46:50.309Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/3/2020 - 0:46:50.309Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/3/2020 - 0:46:50.450Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/3/2020 - 0:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/3/2020 - 0:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/3/2020 - 0:46:50.637Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/3/2020 - 0:46:50.778Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/3/2020 - 0:46:50.965Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/3/2020 - 0:46:50.965Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/3/2020 - 0:46:50.965Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/3/2020 - 0:46:51.106Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/3/2020 - 0:46:51.293Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 0:46:51.293Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 0:46:51.293Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 0:46:51.622Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 0:46:51.856Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 0:46:52.90Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/3/2020 - 0:46:52.90Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/3/2020 - 0:46:52.90Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/3/2020 - 0:46:52.231Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/3/2020 - 0:46:52.465Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/3/2020 - 0:46:52.465Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/3/2020 - 0:46:52.465Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/3/2020 - 0:46:52.606Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/3/2020 - 0:46:52.887Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/3/2020 - 0:46:52.887Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/3/2020 - 0:46:52.887Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/3/2020 - 0:46:53.28Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/3/2020 - 0:46:53.262Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/3/2020 - 0:46:53.262Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/3/2020 - 0:46:53.262Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/3/2020 - 0:46:53.356Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/3/2020 - 0:46:53.356Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/3/2020 - 0:46:53.356Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/3/2020 - 0:46:53.356Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/3/2020 - 0:46:53.450Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/3/2020 - 0:46:53.450Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/3/2020 - 0:46:53.450Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/3/2020 - 0:46:53.450Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/3/2020 - 0:46:53.543Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/3/2020 - 0:46:53.543Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/3/2020 - 0:46:53.543Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/3/2020 - 0:46:53.543Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/3/2020 - 0:46:53.637Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/3/2020 - 0:46:53.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/3/2020 - 0:46:53.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/3/2020 - 0:46:53.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/3/2020 - 0:46:53.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/3/2020 - 0:46:53.637Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/3/2020 - 0:46:53.637Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/3/2020 - 0:46:53.637Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/3/2020 - 0:46:53.731Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/3/2020 - 0:46:53.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/3/2020 - 0:46:53.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/3/2020 - 0:46:53.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/3/2020 - 0:46:53.872Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/3/2020 - 0:46:53.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/3/2020 - 0:46:53.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/3/2020 - 0:46:53.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/3/2020 - 0:46:54.59Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/3/2020 - 0:46:54.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/3/2020 - 0:46:54.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/3/2020 - 0:46:54.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/3/2020 - 0:46:54.247Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/3/2020 - 0:46:54.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/3/2020 - 0:46:54.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/3/2020 - 0:46:54.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/3/2020 - 0:46:54.434Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/3/2020 - 0:46:54.481Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/3/2020 - 0:46:54.481Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/3/2020 - 0:46:54.481Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/3/2020 - 0:46:54.575Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/3/2020 - 0:46:54.668Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/3/2020 - 0:46:54.668Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/3/2020 - 0:46:54.668Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/3/2020 - 0:46:54.762Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/3/2020 - 0:46:54.856Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/3/2020 - 0:46:54.856Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/3/2020 - 0:46:54.856Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/3/2020 - 0:46:54.950Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/3/2020 - 0:46:55.43Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/3/2020 - 0:46:55.43Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/3/2020 - 0:46:55.43Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/3/2020 - 0:46:55.137Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/3/2020 - 0:46:55.231Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/3/2020 - 0:46:55.231Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/3/2020 - 0:46:55.231Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/3/2020 - 0:46:55.325Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/3/2020 - 0:46:55.372Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/3/2020 - 0:46:55.372Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/3/2020 - 0:46:55.372Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/3/2020 - 0:46:55.465Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/3/2020 - 0:46:55.512Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/3/2020 - 0:46:55.512Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/3/2020 - 0:46:55.512Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/3/2020 - 0:46:55.606Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/3/2020 - 0:46:55.653Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/3/2020 - 0:46:55.653Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/3/2020 - 0:46:55.653Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/3/2020 - 0:46:55.747Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/3/2020 - 0:46:55.793Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/3/2020 - 0:46:55.793Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/3/2020 - 0:46:55.793Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/3/2020 - 0:46:55.887Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/3/2020 - 0:46:55.887Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/3/2020 - 0:46:55.887Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/3/2020 - 0:46:55.887Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/3/2020 - 0:46:55.981Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/3/2020 - 0:46:55.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/3/2020 - 0:46:55.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/3/2020 - 0:46:55.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/3/2020 - 0:46:56.122Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/3/2020 - 0:46:57.668Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/3/2020 - 0:46:57.668Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/3/2020 - 0:46:57.668Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/3/2020 - 0:46:57.762Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/3/2020 - 0:46:57.762Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/3/2020 - 0:46:57.762Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/3/2020 - 0:46:57.762Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/3/2020 - 0:46:57.856Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/3/2020 - 0:46:57.856Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/3/2020 - 0:46:57.856Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/3/2020 - 0:46:57.856Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/3/2020 - 0:46:57.950Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/3/2020 - 0:46:57.950Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/3/2020 - 0:46:57.950Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/3/2020 - 0:46:57.950Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/3/2020 - 0:46:58.43Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/3/2020 - 0:46:58.43Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/3/2020 - 0:46:58.43Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/3/2020 - 0:46:58.43Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/3/2020 - 0:46:58.184Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/3/2020 - 0:46:58.184Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/3/2020 - 0:46:58.184Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/3/2020 - 0:46:58.184Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/3/2020 - 0:46:58.325Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/3/2020 - 0:46:58.325Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/3/2020 - 0:46:58.325Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/3/2020 - 0:46:58.325Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/3/2020 - 0:46:58.465Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/3/2020 - 0:46:58.465Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/3/2020 - 0:46:58.465Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/3/2020 - 0:46:58.465Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/3/2020 - 0:46:58.606Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/3/2020 - 0:46:58.606Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/3/2020 - 0:46:58.606Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/3/2020 - 0:46:58.606Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/3/2020 - 0:46:58.700Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/3/2020 - 0:46:58.700Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/3/2020 - 0:46:58.700Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/3/2020 - 0:46:58.700Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/3/2020 - 0:46:58.793Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/3/2020 - 0:46:58.793Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/3/2020 - 0:46:58.793Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/3/2020 - 0:46:58.793Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/3/2020 - 0:46:58.887Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/3/2020 - 0:46:58.887Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/3/2020 - 0:46:58.887Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/3/2020 - 0:46:58.887Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/3/2020 - 0:46:58.981Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/3/2020 - 0:46:58.981Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/3/2020 - 0:46:58.981Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/3/2020 - 0:46:58.981Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/3/2020 - 0:46:59.75Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/3/2020 - 0:46:59.75Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/3/2020 - 0:46:59.75Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/3/2020 - 0:46:59.75Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/3/2020 - 0:46:59.168Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/3/2020 - 0:46:59.168Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/3/2020 - 0:46:59.168Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/3/2020 - 0:46:59.168Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/3/2020 - 0:46:59.309Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/3/2020 - 0:46:59.309Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/3/2020 - 0:46:59.309Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/3/2020 - 0:46:59.309Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/3/2020 - 0:46:59.450Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/3/2020 - 0:46:59.450Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/3/2020 - 0:46:59.450Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/3/2020 - 0:46:59.450Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/3/2020 - 0:46:59.590Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/3/2020 - 0:46:59.590Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/3/2020 - 0:46:59.590Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/3/2020 - 0:46:59.590Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/3/2020 - 0:46:59.731Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/3/2020 - 0:46:59.731Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/3/2020 - 0:46:59.731Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/3/2020 - 0:46:59.731Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/3/2020 - 0:46:59.825Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/3/2020 - 0:46:59.825Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:46:59.825Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/3/2020 - 0:46:59.825Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:46:59.872Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:46:59.918Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:46:59.965Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/3/2020 - 0:46:59.965Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:47:0.12Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:47:0.59Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:47:0.106Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:47:0.153Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:47:0.200Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:47:0.247Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:47:0.293Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:47:0.340Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 0:47:0.340Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/3/2020 - 0:47:0.340Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/3/2020 - 0:47:0.340Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/3/2020 - 0:47:0.481Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/3/2020 - 0:47:0.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/3/2020 - 0:47:0.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 0:47:0.856Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 0:47:0.856Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 0:47:0.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 0:47:0.856Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 0:47:0.856Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 0:47:5.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
11/3/2020 - 0:47:5.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
11/3/2020 - 0:47:5.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
11/3/2020 - 0:47:5.184Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 0:47:5.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 0:47:5.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
11/3/2020 - 0:47:5.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
11/3/2020 - 0:47:5.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
11/3/2020 - 0:47:5.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ab93db2a73b7f4cd22d6bb3355e6cce3\System.EnterpriseServices.ni.dllSystem.EnterpriseServices.ni.dll
11/3/2020 - 0:47:5.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b244a460caa24cae27edccf8bd6661ea\System.Transactions.ni.dllSystem.Transactions.ni.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\CRYPTSP.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\cryptsp.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\cryptsp.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\RpcRtRemote.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dll
11/3/2020 - 0:47:5.512Unknown1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
11/3/2020 - 0:47:5.512Open1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dll
11/3/2020 - 0:47:5.512Unknown1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\security.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\security.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\SECUR32.DLL
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\secur32.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\secur32.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\SSPICLI.DLL
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\sspicli.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\sspicli.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\credssp.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\credssp.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\credssp.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\schannel.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\schannel.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.559Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\wship6.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\wship6.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\DNSAPI.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\dnsapi.dll
11/3/2020 - 0:47:5.559Open1480C:\malware.exeC:\Windows\System32\dnsapi.dll
11/3/2020 - 0:47:5.575Open1480C:\malware.exeC:\IPHLPAPI.DLL
11/3/2020 - 0:47:5.575Open1480C:\malware.exeC:\Windows\System32\IPHLPAPI.DLL
11/3/2020 - 0:47:5.575Open1480C:\malware.exeC:\Windows\System32\IPHLPAPI.DLL
11/3/2020 - 0:47:5.575Open1480C:\malware.exeC:\WINNSI.DLL
11/3/2020 - 0:47:5.575Open1480C:\malware.exeC:\Windows\System32\winnsi.dll
11/3/2020 - 0:47:5.575Open1480C:\malware.exeC:\Windows\System32\winnsi.dll
11/3/2020 - 0:47:5.622Open1480C:\malware.exeC:\rasadhlp.dll
11/3/2020 - 0:47:5.622Open1480C:\malware.exeC:\Windows\System32\rasadhlp.dll
11/3/2020 - 0:47:5.622Open1480C:\malware.exeC:\Windows\System32\rasadhlp.dll
11/3/2020 - 0:47:5.668Open1480C:\malware.exeC:\Windows\System32\FWPUCLNT.DLL
11/3/2020 - 0:47:5.668Open1480C:\malware.exeC:\Windows\System32\FWPUCLNT.DLL
11/3/2020 - 0:47:5.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:5.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.825Open1480C:\malware.exeC:\ncrypt.dll
11/3/2020 - 0:47:5.825Open1480C:\malware.exeC:\Windows\System32\ncrypt.dll
11/3/2020 - 0:47:5.825Open1480C:\malware.exeC:\Windows\System32\ncrypt.dll
11/3/2020 - 0:47:5.825Open1480C:\malware.exeC:\bcrypt.dll
11/3/2020 - 0:47:5.825Open1480C:\malware.exeC:\Windows\System32\bcrypt.dll
11/3/2020 - 0:47:5.825Open1480C:\malware.exeC:\Windows\System32\bcrypt.dll
11/3/2020 - 0:47:5.825Open1480C:\malware.exeC:\Windows\System32\bcryptprimitives.dll
11/3/2020 - 0:47:5.825Unknown1480C:\malware.exeC:\Windows\System32\bcryptprimitives.dllbcryptprimitives.dll
11/3/2020 - 0:47:5.825Open1480C:\malware.exeC:\Windows\System32\bcryptprimitives.dll
11/3/2020 - 0:47:5.825Unknown1480C:\malware.exeC:\Windows\System32\bcryptprimitives.dllbcryptprimitives.dll
11/3/2020 - 0:47:5.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.856Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
11/3/2020 - 0:47:5.856Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
11/3/2020 - 0:47:5.856Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Open1480C:\malware.exeC:\malware.exe.Local
11/3/2020 - 0:47:5.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
11/3/2020 - 0:47:5.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
11/3/2020 - 0:47:5.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.856Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllSystem.Data.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.pdb
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\symbols\dll\System.Data.pdb
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\dll\System.Data.pdb
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\System.Data.pdb
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\malware.config
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:5.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 0:47:5.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:5.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 0:47:5.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 0:47:5.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
11/3/2020 - 0:47:5.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:5.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
11/3/2020 - 0:47:5.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
11/3/2020 - 0:47:5.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\423a86328b4997e022986fc2450b9971\System.Management.ni.dllSystem.Management.ni.dll
11/3/2020 - 0:47:15.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:15.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:15.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:15.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:15.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:47:15.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:47:15.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:15.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:15.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:15.778Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ler[1].htmler[1].htm
11/3/2020 - 0:47:15.778Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ler[1].htmler[1].htm
11/3/2020 - 0:47:15.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ler[1].htmler[1].htm
11/3/2020 - 0:47:15.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 0:47:15.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:15.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:15.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:16.12Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 0:47:16.12Read1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 0:47:16.12Open1480C:\malware.exeC:\malware.exe.Local
11/3/2020 - 0:47:16.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
11/3/2020 - 0:47:16.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
11/3/2020 - 0:47:16.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
11/3/2020 - 0:47:16.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:16.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:16.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:16.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:16.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:16.387Open1480C:\malware.exeC:\MLANG.dll
11/3/2020 - 0:47:16.387Open1480C:\malware.exeC:\Windows\System32\mlang.dll
11/3/2020 - 0:47:16.387Open1480C:\malware.exeC:\Windows\System32\mlang.dll
11/3/2020 - 0:47:17.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ler[1].htm
11/3/2020 - 0:47:17.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:17.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:17.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:17.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:47:17.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:47:17.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:17.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\29259da8265e0e428d9682df679f81d2\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 0:47:17.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:17.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
11/3/2020 - 0:47:17.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\2ef0e7c843a98f5ad2702a8755d1558b\System.Data.ni.dllSystem.Data.ni.dll
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_64\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:17.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dll
11/3/2020 - 0:47:17.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dll
11/3/2020 - 0:47:17.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:17.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:17.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dll
11/3/2020 - 0:47:17.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:17.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dll
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dll
11/3/2020 - 0:47:17.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dll
11/3/2020 - 0:47:17.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Data.resources.dllSystem.Data.resources.dll
11/3/2020 - 0:47:17.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:18.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
11/3/2020 - 0:47:18.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
11/3/2020 - 0:47:18.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].css
11/3/2020 - 0:47:18.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].cssdominio-reservado[1].css
11/3/2020 - 0:47:18.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].css
11/3/2020 - 0:47:18.590Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].cssdominio-reservado[1].css
11/3/2020 - 0:47:18.590Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].cssdominio-reservado[1].css
11/3/2020 - 0:47:18.590Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].cssdominio-reservado[1].css
11/3/2020 - 0:47:18.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].css
11/3/2020 - 0:47:18.637Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].cssdominio-reservado[1].css
11/3/2020 - 0:47:18.637Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].cssdominio-reservado[1].css
11/3/2020 - 0:47:18.637Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].cssdominio-reservado[1].css
11/3/2020 - 0:47:18.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].cssdominio-reservado[1].css
11/3/2020 - 0:47:18.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\dominio-reservado[1].cssdominio-reservado[1].css
11/3/2020 - 0:47:19.59Open1480C:\malware.exeC:\d2d1.dll
11/3/2020 - 0:47:19.59Open1480C:\malware.exeC:\Windows\System32\d2d1.dll
11/3/2020 - 0:47:19.59Open1480C:\malware.exeC:\Windows\System32\d2d1.dll
11/3/2020 - 0:47:19.668Open1480C:\malware.exeC:\DWrite.dll
11/3/2020 - 0:47:19.668Open1480C:\malware.exeC:\Windows\System32\DWrite.dll
11/3/2020 - 0:47:19.668Open1480C:\malware.exeC:\Windows\System32\DWrite.dll
11/3/2020 - 0:47:20.278Open1480C:\malware.exeC:\dxgi.dll
11/3/2020 - 0:47:20.278Open1480C:\malware.exeC:\Windows\System32\dxgi.dll
11/3/2020 - 0:47:20.278Open1480C:\malware.exeC:\Windows\System32\dxgi.dll
11/3/2020 - 0:47:20.278Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:47:20.278Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:47:20.278Open1480C:\malware.exeC:\DXGIDebug.dll
11/3/2020 - 0:47:20.278Open1480C:\malware.exeC:\Windows\System32\DXGIDebug.dll
11/3/2020 - 0:47:20.278Open1480C:\malware.exeC:\Windows\System32\DXGIDebug.dll
11/3/2020 - 0:47:20.278Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:47:20.278Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:47:20.372Open1480C:\malware.exeC:\d3d11.dll
11/3/2020 - 0:47:20.372Open1480C:\malware.exeC:\Windows\System32\d3d11.dll
11/3/2020 - 0:47:20.372Open1480C:\malware.exeC:\Windows\System32\d3d11.dll
11/3/2020 - 0:47:20.512Open1480C:\malware.exeC:\D3D10Warp.dll
11/3/2020 - 0:47:20.512Open1480C:\malware.exeC:\Windows\System32\d3d10warp.dll
11/3/2020 - 0:47:20.512Unknown1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.512Open1480C:\malware.exeC:\Windows\System32\d3d10warp.dll
11/3/2020 - 0:47:20.512Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.559Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.606Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.653Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.700Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.747Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.793Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.840Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.887Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.934Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:20.981Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:47:20.981Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:47:21.28Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.75Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.122Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.168Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.450Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:47:21.450Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 0:47:21.497Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.497Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.497Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.497Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.497Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.512Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.512Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.512Open1480C:\malware.exeC:\Windows\System32\d3d10warp.dll
11/3/2020 - 0:47:21.512Unknown1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.512Open1480C:\malware.exeC:\Windows\System32\d3d10warp.dll
11/3/2020 - 0:47:21.512Unknown1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.700Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:21.793Read1480C:\malware.exeC:\Windows\System32\d3d10warp.dlld3d10warp.dll
11/3/2020 - 0:47:22.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 0:47:22.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 0:47:22.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer
11/3/2020 - 0:47:22.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer
11/3/2020 - 0:47:22.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer
11/3/2020 - 0:47:22.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer
11/3/2020 - 0:47:22.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
11/3/2020 - 0:47:22.872Open1480C:\malware.exeC:\Windows\System32\WindowsCodecs.dll
11/3/2020 - 0:47:22.872Unknown1480C:\malware.exeC:\Windows\System32\WindowsCodecs.dllWindowsCodecs.dll
11/3/2020 - 0:47:22.872Open1480C:\malware.exeC:\Windows\System32\WindowsCodecs.dll
11/3/2020 - 0:47:22.872Unknown1480C:\malware.exeC:\Windows\System32\WindowsCodecs.dllWindowsCodecs.dll
11/3/2020 - 0:47:22.918Open1480C:\malware.exeC:\Windows\System32\msimtf.dll
11/3/2020 - 0:47:22.918Open1480C:\malware.exeC:\Windows\System32\msimtf.dll
11/3/2020 - 0:47:23.12Open1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dll
11/3/2020 - 0:47:23.12Unknown1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.12Open1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dll
11/3/2020 - 0:47:23.12Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.90Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.137Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.184Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.231Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.278Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.325Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.372Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.418Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.465Open1480C:\malware.exeC:\msls31.dll
11/3/2020 - 0:47:23.465Open1480C:\malware.exeC:\Windows\System32\msls31.dll
11/3/2020 - 0:47:23.465Open1480C:\malware.exeC:\Windows\System32\msls31.dll
11/3/2020 - 0:47:23.465Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.512Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/3/2020 - 0:47:23.512Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.559Read1480C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 0:47:23.559Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/3/2020 - 0:47:23.637Open1480C:\malware.exeC:\Windows\System32\msxml6.dll
11/3/2020 - 0:47:23.637Open1480C:\malware.exeC:\Windows\System32\msxml6.dll
11/3/2020 - 0:47:23.637Open1480C:\malware.exeC:\Windows\System32\msxml6r.dll
11/3/2020 - 0:47:23.637Open1480C:\malware.exeC:\Windows\System32\msxml6r.dll
11/3/2020 - 0:47:24.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 0:47:24.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:25.137Unknown1480C:\malware.exeC:\W7VM1.key
11/3/2020 - 0:47:38.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:40.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:40.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:40.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 0:47:40.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True

DNS
Query
localhost -> gateway:DNS associacaosecuritaria.com.br.
localhost -> gateway:DNS mssql05.redehost.com.br.
localhost -> gateway:59829 host.imguol.com.
localhost -> gateway:50043 dns.msftncsi.com.
localhost -> gateway:50273 mssql05.redehost.com.br.
localhost -> gateway:DNS host.imguol.com.
localhost -> gateway:DNS dns.msftncsi.com.

Response
gateway:DNS -> localhost host.imguol.com. reply: 200.147.4.50
gateway:DNS -> localhost dns.msftncsi.com. reply: 131.107.255.255
gateway:DNS -> localhost mssql05.redehost.com.br. reply: 177.55.96.85
gateway:DNS -> localhost associacaosecuritaria.com.br. reply: 187.17.111.105


TCP
Info
localhost:65193 -> 200.147.4.50:80
177.55.96.85:5003 -> localhost:65191
187.17.111.105:80 -> localhost:65192
localhost:65191 -> 177.55.96.85:5003
localhost:65192 -> 187.17.111.105:80
200.147.4.50:80 -> localhost:65193

UDP
Info
localhost:55394 -> localhost:53
localhost:53 -> localhost:59829
localhost:50273 -> localhost:53
localhost:53 -> localhost:50043
localhost:68 -> 255.255.255.255:67
localhost:50043 -> localhost:53
localhost:53 -> localhost:55394
localhost:59829 -> localhost:53
localhost:67 -> localhost:68
localhost:53 -> localhost:50273

HTTP
Info
localhost GET host.imguol.com /hospedagem/uolhost-hospedagem/css/dominio-reservado.css
localhost GET associacaosecuritaria.com.br /wp-content/plugins/BoxTheme/ler.php

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 58.75%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 95.55%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 53.25%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.99%
suspicious: False
