Report #9382 cancel

  • Creation Date: March 11, 2020, 7:10 p.m.
  • Last Update: March 11, 2020, 11:07 p.m.
  • File: boleto-2014.exe
  • Results:
AVclass
None
1
VirusTotal
md5
418c832ddb17a767d560503e89758648
sha1
642b99a61267e723e5a76e93d18547f8187cd192
SCANS (DETECTION RATE = 79.10%)
AVG
result: Win32:Malware-gen
update: 20180323
version: 18.2.3827.0
detected: True check_circle

CMC
update: 20180323
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=100)
update: 20180323
version: 2017.11.15.1
detected: True check_circle

Bkav
update: 20180322
version: 1.3.0.9466
detected: False cancel

K7GW
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26597
detected: True check_circle

ALYac
result: Trojan.MSIL.Injector.AG
update: 20180323
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20180323
version: 18.2.3827.0
detected: True check_circle

Avira
result: TR/Injector.A.201
update: 20180323
version: 8.3.3.6
detected: True check_circle

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9998
update: 20180323
version: 1.0.0.2
detected: True check_circle

Cyren
result: W32/Trojan.OBAB-2997
update: 20180323
version: 5.4.30.7
detected: True check_circle

DrWeb
result: Trojan.DownLoader11.37643
update: 20180323
version: 7.0.28.2020
detected: True check_circle

GData
result: Trojan.MSIL.Injector.AG
update: 20180323
version: A:25.16478B:25.11859
detected: True check_circle

Panda
result: Trj/Chgt.J
update: 20180323
version: 4.6.4.2
detected: True check_circle

VBA32
result: Trojan.Inject
update: 20180323
version: 3.12.28.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65472
detected: True check_circle

Zoner
update: 20180323
version: 1.0
detected: False cancel

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True check_circle

ClamAV
result: Win.Trojan.Agent3988288191/CRDF-1
update: 20180323
version: 0.99.2.0
detected: True check_circle

Comodo
update: 20180323
detected: False cancel

F-Prot
update: 20180323
version: 4.7.1.166
detected: False cancel

Ikarus
result: Trojan.Msil
update: 20180323
version: 0.1.5.2
detected: True check_circle

McAfee
result: Generic.dx!418C832DDB17
update: 20180323
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Generic!8.C3 (TFE:C:J6J8kLzg0xP)
update: 20180323
version: 25.0.0.1
detected: True check_circle

Sophos
result: Mal/Generic-S
update: 20180323
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Injector!8KO98wCUyzw
update: 20180323
version: 5.5.1.3
detected: True check_circle

Zillya
result: Trojan.Inject.Win32.115273
update: 20180323
version: 2.0.0.3519
detected: True check_circle

Arcabit
result: Trojan.MSIL.Injector.AG
update: 20180323
version: 1.0.0.831
detected: True check_circle

Cylance
result: Unsafe
update: 20180323
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True check_circle

Tencent
result: Win32.Trojan.Inject.Pbfo
update: 20180323
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False cancel

eGambit
update: 20180323
version: v4.3.5
detected: False cancel

Ad-Aware
result: Trojan.MSIL.Injector.AG
update: 20180323
version: 3.0.3.1010
detected: True check_circle

AegisLab
result: Troj.W32.Inject.tenf!c
update: 20180323
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.MSIL.Injector.AG (B)
update: 20180323
version: 4.0.2.899
detected: True check_circle

F-Secure
result: Trojan.MSIL.Injector.AG
update: 20180323
version: 11.0.19100.45
detected: True check_circle

Fortinet
result: MSIL/Injector.GAQ!tr
update: 20180323
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True check_circle

Jiangmin
result: Backdoor/DarkKomet.ghs
update: 20180323
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20180323
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20180323
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen
update: 20180323
version: 1.5.0.0
detected: True check_circle

nProtect
result: Trojan/W32.Inject.165888.I
update: 20180323
version: 2018-03-23.02
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Injector.C607640
update: 20180323
version: 3.12.0.20130
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.Inject
update: 20180323
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan.Win32.Inject.tenf
update: 20180323
version: 15.0.1.13
detected: True check_circle

Microsoft
update: 20180323
version: 1.1.14600.4
detected: False cancel

Qihoo-360
result: Win32/Trojan.Multi.daf
update: 20180323
version: 1.0.0.1120
detected: True check_circle

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False cancel

ZoneAlarm
result: Trojan.Win32.Inject.tenf
update: 20180323
version: 1.0
detected: True check_circle

Cybereason
result: malicious.ddb17a
update: 20180225
version: 1.2.27
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Injector.FYD
update: 20180323
version: 17106
detected: True check_circle

TrendMicro
result: TROJ_SPNR.0BJS14
update: 20180323
version: 9.862.0.1074
detected: True check_circle

WhiteArmor
update: 20180223
detected: False cancel

BitDefender
result: Trojan.MSIL.Injector.AG
update: 20180323
version: 7.2
detected: True check_circle

CrowdStrike
result: malicious_confidence_100% (D)
update: 20170201
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 700000121 )
update: 20180323
version: 10.42.26598
detected: True check_circle

SentinelOne
result: static engine - malicious
update: 20180225
version: 1.0.15.206
detected: True check_circle

Avast-Mobile
update: 20180323
version: 180323-04
detected: False cancel

Malwarebytes
update: 20180323
version: 2.1.1.1115
detected: False cancel

TotalDefense
result: Win32/Inject.dXGWQO
update: 20180323
version: 37.1.62.1
detected: True check_circle

CAT-QuickHeal
result: Trojan.Inject
update: 20180323
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Inject.dhqvkf
update: 20180323
version: 1.0.100.22043
detected: True check_circle

MicroWorld-eScan
result: Trojan.MSIL.Injector.AG
update: 20180323
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20180323
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Backdoor.cm
update: 20180323
version: v2015
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_SPNR.0BJS14
update: 20180323
version: 9.950.0.1006
detected: True check_circle

total
67
sha256
225164f967b30b8ce9d2f04a10de3760261f5543a12ff638671f5b2888f71702
scan_id
225164f967b30b8ce9d2f04a10de3760261f5543a12ff638671f5b2888f71702-1521836141
resource
418c832ddb17a767d560503e89758648
positives
53
scan_date
2018-03-23 20:15:41
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:45:43.840Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\
11/3/2020 - 22:45:43.840Unknown1480C:\malware.exeC:\
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\Windows
11/3/2020 - 22:45:43.840Unknown1480C:\malware.exeC:\Windows
11/3/2020 - 22:45:43.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:45:43.840Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:45:43.872Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/3/2020 - 22:45:43.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:43.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:43.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:43.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:43.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:43.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:43.872Open1480C:\malware.exeC:\malware.exe.config
11/3/2020 - 22:45:43.872Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 22:45:43.887Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:45:43.887Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/3/2020 - 22:45:43.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
11/3/2020 - 22:45:43.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
11/3/2020 - 22:45:44.28Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
11/3/2020 - 22:45:44.28Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/3/2020 - 22:45:44.28Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:45:44.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:45:44.43Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\
11/3/2020 - 22:45:44.43Unknown1480C:\malware.exeC:\
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\Monitor
11/3/2020 - 22:45:44.43Unknown1480C:\malware.exeC:\Monitor
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:45:44.43Unknown1480C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:45:44.43Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 22:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 22:45:44.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\malware.config
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:45:44.90Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:45:44.90Unknown1480C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:45:44.90Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/3/2020 - 22:45:44.90Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:44.90Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:44.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:44.90Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:45:44.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:45:44.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/3/2020 - 22:45:44.106Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/3/2020 - 22:45:44.122Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/3/2020 - 22:45:44.122Open1480C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:45:44.122Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:45:44.122Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:45:44.122Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:45:44.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:44.137Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/3/2020 - 22:45:44.137Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.137Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/3/2020 - 22:45:44.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:44.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:45.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:45.75Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/3/2020 - 22:45:45.215Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.215Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/3/2020 - 22:45:45.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:45.684Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/3/2020 - 22:45:45.825Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:45.825Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/3/2020 - 22:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:45.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:46.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:47.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:47.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:47.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:47.418Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:45:47.606Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:45:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:48.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:45:48.450Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:45:48.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:48.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:48.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:48.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:48.762Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:45:48.887Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:45:48.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:48.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:49.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:49.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:49.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:49.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.840Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
11/3/2020 - 22:45:49.840Open1480C:\malware.exeC:\VERSION.dll
11/3/2020 - 22:45:49.840Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 22:45:49.840Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 22:45:49.840Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:45:49.840Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:49.840Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:49.887Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:45:49.887Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:49.887Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:49.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:49.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:50.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:50.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:50.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:50.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:50.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:50.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:50.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:50.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:50.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:50.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:50.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:50.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:50.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:50.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:50.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:51.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:51.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:51.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:51.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:51.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:51.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:51.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:51.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:51.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:52.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:52.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:52.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:52.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:52.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:52.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:52.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:52.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:52.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:52.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:52.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:52.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:52.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:52.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:52.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:53.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:53.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:53.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:53.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:53.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:53.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:53.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:54.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:54.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:54.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:54.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:54.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:54.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:54.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:54.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:54.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:54.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:54.622Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
11/3/2020 - 22:45:54.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:54.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:54.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:54.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:54.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:54.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:54.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:54.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:55.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:55.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:55.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:55.184Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.278Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.278Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.606Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:45:55.747Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:45:55.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:55.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:56.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:56.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:56.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:56.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.403Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:56.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:56.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:56.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:56.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:56.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:56.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:56.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:57.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:57.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:57.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:57.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:57.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:57.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:57.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:57.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:45:57.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:57.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:57.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:57.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:57.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
11/3/2020 - 22:45:58.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/3/2020 - 22:45:58.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:45:58.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:45:58.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:45:58.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:45:58.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:58.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:58.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:59.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:59.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:59.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:59.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:45:59.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:45:59.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:59.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:59.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:59.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:59.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:45:59.981Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
11/3/2020 - 22:45:59.981Open1480C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:45:59.981Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/3/2020 - 22:45:59.981Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/3/2020 - 22:45:59.981Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/3/2020 - 22:45:59.981Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\ShFolder.DLL
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:0.28Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:0.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:0.28Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:0.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:0.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:0.28Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/3/2020 - 22:46:0.28Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/3/2020 - 22:46:0.43Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
11/3/2020 - 22:46:0.43Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 22:46:0.43Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 22:46:0.43Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 22:46:0.606Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 22:46:1.28Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 22:46:1.75Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 22:46:1.122Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
11/3/2020 - 22:46:1.122Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/3/2020 - 22:46:1.122Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/3/2020 - 22:46:1.122Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/3/2020 - 22:46:1.262Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
11/3/2020 - 22:46:1.309Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/3/2020 - 22:46:1.309Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/3/2020 - 22:46:1.309Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/3/2020 - 22:46:1.403Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
11/3/2020 - 22:46:1.450Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/3/2020 - 22:46:1.450Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/3/2020 - 22:46:1.450Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/3/2020 - 22:46:1.590Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
11/3/2020 - 22:46:1.637Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/3/2020 - 22:46:1.637Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/3/2020 - 22:46:1.637Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/3/2020 - 22:46:1.778Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
11/3/2020 - 22:46:1.825Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/3/2020 - 22:46:1.825Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/3/2020 - 22:46:1.825Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/3/2020 - 22:46:1.918Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
11/3/2020 - 22:46:1.918Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/3/2020 - 22:46:1.918Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/3/2020 - 22:46:1.918Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/3/2020 - 22:46:2.12Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
11/3/2020 - 22:46:2.12Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/3/2020 - 22:46:2.12Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/3/2020 - 22:46:2.12Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/3/2020 - 22:46:2.106Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
11/3/2020 - 22:46:2.106Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/3/2020 - 22:46:2.106Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/3/2020 - 22:46:2.106Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/3/2020 - 22:46:2.247Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
11/3/2020 - 22:46:2.247Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/3/2020 - 22:46:2.247Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/3/2020 - 22:46:2.247Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/3/2020 - 22:46:2.387Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
11/3/2020 - 22:46:2.434Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/3/2020 - 22:46:2.434Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/3/2020 - 22:46:2.434Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/3/2020 - 22:46:2.528Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
11/3/2020 - 22:46:2.575Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/3/2020 - 22:46:2.575Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/3/2020 - 22:46:2.575Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/3/2020 - 22:46:2.668Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
11/3/2020 - 22:46:2.668Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/3/2020 - 22:46:2.668Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/3/2020 - 22:46:2.668Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/3/2020 - 22:46:2.762Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
11/3/2020 - 22:46:2.762Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 22:46:2.762Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 22:46:2.762Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 22:46:3.325Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 22:46:3.747Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 22:46:3.793Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 22:46:3.840Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
11/3/2020 - 22:46:3.840Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/3/2020 - 22:46:3.840Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/3/2020 - 22:46:3.840Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/3/2020 - 22:46:3.934Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
11/3/2020 - 22:46:3.934Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/3/2020 - 22:46:3.934Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/3/2020 - 22:46:3.934Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/3/2020 - 22:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
11/3/2020 - 22:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/3/2020 - 22:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/3/2020 - 22:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/3/2020 - 22:46:4.168Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
11/3/2020 - 22:46:4.168Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/3/2020 - 22:46:4.168Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/3/2020 - 22:46:4.168Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/3/2020 - 22:46:4.262Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
11/3/2020 - 22:46:4.309Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/3/2020 - 22:46:4.309Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/3/2020 - 22:46:4.309Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/3/2020 - 22:46:4.403Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
11/3/2020 - 22:46:4.450Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/3/2020 - 22:46:4.450Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/3/2020 - 22:46:4.450Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/3/2020 - 22:46:4.543Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
11/3/2020 - 22:46:4.543Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/3/2020 - 22:46:4.543Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/3/2020 - 22:46:4.543Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/3/2020 - 22:46:4.637Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
11/3/2020 - 22:46:4.637Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/3/2020 - 22:46:4.637Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/3/2020 - 22:46:4.637Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/3/2020 - 22:46:4.731Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
11/3/2020 - 22:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/3/2020 - 22:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/3/2020 - 22:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/3/2020 - 22:46:4.872Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
11/3/2020 - 22:46:4.918Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/3/2020 - 22:46:4.918Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/3/2020 - 22:46:4.918Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/3/2020 - 22:46:5.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
11/3/2020 - 22:46:5.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/3/2020 - 22:46:5.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/3/2020 - 22:46:5.12Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/3/2020 - 22:46:5.106Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
11/3/2020 - 22:46:5.106Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/3/2020 - 22:46:5.106Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/3/2020 - 22:46:5.106Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/3/2020 - 22:46:5.200Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
11/3/2020 - 22:46:5.200Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/3/2020 - 22:46:5.200Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/3/2020 - 22:46:5.200Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/3/2020 - 22:46:5.293Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
11/3/2020 - 22:46:5.293Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/3/2020 - 22:46:5.293Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/3/2020 - 22:46:5.293Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/3/2020 - 22:46:5.387Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
11/3/2020 - 22:46:5.434Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:5.434Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:5.434Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:5.715Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:5.856Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/3/2020 - 22:46:5.856Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/3/2020 - 22:46:5.856Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/3/2020 - 22:46:6.137Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
11/3/2020 - 22:46:6.278Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/3/2020 - 22:46:6.278Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/3/2020 - 22:46:6.278Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/3/2020 - 22:46:6.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
11/3/2020 - 22:46:6.465Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/3/2020 - 22:46:6.465Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/3/2020 - 22:46:6.465Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/3/2020 - 22:46:6.559Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
11/3/2020 - 22:46:6.606Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/3/2020 - 22:46:6.606Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/3/2020 - 22:46:6.606Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/3/2020 - 22:46:7.262Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/3/2020 - 22:46:7.965Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/3/2020 - 22:46:8.340Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/3/2020 - 22:46:8.809Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
11/3/2020 - 22:46:9.184Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/3/2020 - 22:46:9.184Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/3/2020 - 22:46:9.184Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/3/2020 - 22:46:9.840Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/3/2020 - 22:46:10.543Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/3/2020 - 22:46:10.918Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/3/2020 - 22:46:11.340Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
11/3/2020 - 22:46:11.715Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/3/2020 - 22:46:11.715Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/3/2020 - 22:46:11.762Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/3/2020 - 22:46:11.903Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
11/3/2020 - 22:46:11.950Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:11.950Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:11.950Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:12.278Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:12.606Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/3/2020 - 22:46:12.606Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/3/2020 - 22:46:12.606Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/3/2020 - 22:46:12.934Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
11/3/2020 - 22:46:13.215Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:13.215Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:13.215Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:13.590Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:14.12Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/3/2020 - 22:46:14.12Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/3/2020 - 22:46:14.12Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/3/2020 - 22:46:14.387Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
11/3/2020 - 22:46:14.747Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/3/2020 - 22:46:14.747Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/3/2020 - 22:46:14.747Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/3/2020 - 22:46:15.262Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/3/2020 - 22:46:15.637Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/3/2020 - 22:46:15.637Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
11/3/2020 - 22:46:15.637Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/3/2020 - 22:46:15.637Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/3/2020 - 22:46:15.684Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/3/2020 - 22:46:16.200Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/3/2020 - 22:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/3/2020 - 22:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
11/3/2020 - 22:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/3/2020 - 22:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/3/2020 - 22:46:16.622Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/3/2020 - 22:46:16.762Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
11/3/2020 - 22:46:16.856Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/3/2020 - 22:46:16.856Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/3/2020 - 22:46:16.856Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/3/2020 - 22:46:17.278Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/3/2020 - 22:46:17.606Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/3/2020 - 22:46:17.793Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
11/3/2020 - 22:46:17.887Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/3/2020 - 22:46:17.887Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/3/2020 - 22:46:17.887Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/3/2020 - 22:46:18.262Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/3/2020 - 22:46:18.590Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
11/3/2020 - 22:46:18.684Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/3/2020 - 22:46:18.684Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/3/2020 - 22:46:18.684Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/3/2020 - 22:46:18.778Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
11/3/2020 - 22:46:18.778Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/3/2020 - 22:46:18.778Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/3/2020 - 22:46:18.778Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/3/2020 - 22:46:18.872Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
11/3/2020 - 22:46:18.872Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/3/2020 - 22:46:18.872Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/3/2020 - 22:46:18.872Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/3/2020 - 22:46:18.965Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
11/3/2020 - 22:46:18.965Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/3/2020 - 22:46:18.965Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/3/2020 - 22:46:18.965Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/3/2020 - 22:46:19.106Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
11/3/2020 - 22:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/3/2020 - 22:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/3/2020 - 22:46:19.200Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/3/2020 - 22:46:19.340Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
11/3/2020 - 22:46:19.387Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/3/2020 - 22:46:19.387Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/3/2020 - 22:46:19.387Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/3/2020 - 22:46:19.528Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
11/3/2020 - 22:46:19.528Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/3/2020 - 22:46:19.528Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/3/2020 - 22:46:19.528Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/3/2020 - 22:46:19.622Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
11/3/2020 - 22:46:19.622Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/3/2020 - 22:46:19.622Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/3/2020 - 22:46:19.622Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/3/2020 - 22:46:19.715Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
11/3/2020 - 22:46:19.715Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/3/2020 - 22:46:19.715Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/3/2020 - 22:46:19.715Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/3/2020 - 22:46:19.809Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
11/3/2020 - 22:46:19.809Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/3/2020 - 22:46:19.809Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/3/2020 - 22:46:19.809Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/3/2020 - 22:46:19.950Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
11/3/2020 - 22:46:20.90Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/3/2020 - 22:46:20.90Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/3/2020 - 22:46:20.90Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/3/2020 - 22:46:20.231Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
11/3/2020 - 22:46:20.372Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:20.372Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:20.372Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:20.372Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:20.372Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/3/2020 - 22:46:20.372Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/3/2020 - 22:46:20.372Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/3/2020 - 22:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
11/3/2020 - 22:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/3/2020 - 22:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/3/2020 - 22:46:20.418Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/3/2020 - 22:46:20.465Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
11/3/2020 - 22:46:20.465Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/3/2020 - 22:46:20.465Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/3/2020 - 22:46:20.465Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/3/2020 - 22:46:20.606Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/3/2020 - 22:46:20.700Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/3/2020 - 22:46:20.840Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
11/3/2020 - 22:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/3/2020 - 22:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/3/2020 - 22:46:20.887Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/3/2020 - 22:46:21.28Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
11/3/2020 - 22:46:21.122Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/3/2020 - 22:46:21.122Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/3/2020 - 22:46:21.122Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/3/2020 - 22:46:21.215Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/3/2020 - 22:46:21.309Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
11/3/2020 - 22:46:21.309Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/3/2020 - 22:46:21.309Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/3/2020 - 22:46:21.309Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/3/2020 - 22:46:21.637Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
11/3/2020 - 22:46:21.825Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/3/2020 - 22:46:21.825Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/3/2020 - 22:46:21.825Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/3/2020 - 22:46:21.918Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
11/3/2020 - 22:46:21.918Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/3/2020 - 22:46:21.918Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/3/2020 - 22:46:21.918Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/3/2020 - 22:46:22.12Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
11/3/2020 - 22:46:22.12Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/3/2020 - 22:46:22.12Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/3/2020 - 22:46:22.12Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/3/2020 - 22:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
11/3/2020 - 22:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/3/2020 - 22:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/3/2020 - 22:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/3/2020 - 22:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
11/3/2020 - 22:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/3/2020 - 22:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/3/2020 - 22:46:22.106Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/3/2020 - 22:46:22.247Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
11/3/2020 - 22:46:22.340Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/3/2020 - 22:46:22.340Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/3/2020 - 22:46:22.340Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/3/2020 - 22:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
11/3/2020 - 22:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/3/2020 - 22:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/3/2020 - 22:46:22.387Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/3/2020 - 22:46:22.528Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
11/3/2020 - 22:46:22.622Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/3/2020 - 22:46:22.622Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/3/2020 - 22:46:22.622Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/3/2020 - 22:46:22.715Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
11/3/2020 - 22:46:22.715Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/3/2020 - 22:46:22.715Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/3/2020 - 22:46:22.715Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/3/2020 - 22:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
11/3/2020 - 22:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/3/2020 - 22:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/3/2020 - 22:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/3/2020 - 22:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
11/3/2020 - 22:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/3/2020 - 22:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/3/2020 - 22:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/3/2020 - 22:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
11/3/2020 - 22:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/3/2020 - 22:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/3/2020 - 22:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/3/2020 - 22:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
11/3/2020 - 22:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/3/2020 - 22:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/3/2020 - 22:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/3/2020 - 22:46:23.231Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
11/3/2020 - 22:46:23.231Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/3/2020 - 22:46:23.231Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/3/2020 - 22:46:23.231Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/3/2020 - 22:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
11/3/2020 - 22:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 22:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 22:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 22:46:23.418Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 22:46:23.418Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/3/2020 - 22:46:23.418Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/3/2020 - 22:46:23.418Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/3/2020 - 22:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
11/3/2020 - 22:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/3/2020 - 22:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/3/2020 - 22:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/3/2020 - 22:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
11/3/2020 - 22:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/3/2020 - 22:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/3/2020 - 22:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/3/2020 - 22:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
11/3/2020 - 22:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/3/2020 - 22:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/3/2020 - 22:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/3/2020 - 22:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
11/3/2020 - 22:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/3/2020 - 22:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/3/2020 - 22:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/3/2020 - 22:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
11/3/2020 - 22:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/3/2020 - 22:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/3/2020 - 22:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/3/2020 - 22:46:24.28Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
11/3/2020 - 22:46:24.28Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
11/3/2020 - 22:46:24.28Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
11/3/2020 - 22:46:24.28Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
11/3/2020 - 22:46:24.122Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
11/3/2020 - 22:46:24.122Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
11/3/2020 - 22:46:24.122Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
11/3/2020 - 22:46:24.122Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
11/3/2020 - 22:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
11/3/2020 - 22:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
11/3/2020 - 22:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
11/3/2020 - 22:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
11/3/2020 - 22:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
11/3/2020 - 22:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
11/3/2020 - 22:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
11/3/2020 - 22:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
11/3/2020 - 22:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
11/3/2020 - 22:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
11/3/2020 - 22:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
11/3/2020 - 22:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
11/3/2020 - 22:46:24.497Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
11/3/2020 - 22:46:24.497Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
11/3/2020 - 22:46:24.497Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
11/3/2020 - 22:46:24.497Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
11/3/2020 - 22:46:24.590Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
11/3/2020 - 22:46:24.590Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
11/3/2020 - 22:46:24.590Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
11/3/2020 - 22:46:24.590Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
11/3/2020 - 22:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
11/3/2020 - 22:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
11/3/2020 - 22:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
11/3/2020 - 22:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
11/3/2020 - 22:46:24.825Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
11/3/2020 - 22:46:24.872Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
11/3/2020 - 22:46:24.872Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
11/3/2020 - 22:46:24.872Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
11/3/2020 - 22:46:25.12Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
11/3/2020 - 22:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
11/3/2020 - 22:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
11/3/2020 - 22:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
11/3/2020 - 22:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
11/3/2020 - 22:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
11/3/2020 - 22:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
11/3/2020 - 22:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
11/3/2020 - 22:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
11/3/2020 - 22:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
11/3/2020 - 22:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
11/3/2020 - 22:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
11/3/2020 - 22:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
11/3/2020 - 22:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
11/3/2020 - 22:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
11/3/2020 - 22:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
11/3/2020 - 22:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
11/3/2020 - 22:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
11/3/2020 - 22:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
11/3/2020 - 22:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
11/3/2020 - 22:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
11/3/2020 - 22:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
11/3/2020 - 22:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
11/3/2020 - 22:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
11/3/2020 - 22:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
11/3/2020 - 22:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
11/3/2020 - 22:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
11/3/2020 - 22:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
11/3/2020 - 22:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
11/3/2020 - 22:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
11/3/2020 - 22:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
11/3/2020 - 22:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
11/3/2020 - 22:46:25.809Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
11/3/2020 - 22:46:25.809Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
11/3/2020 - 22:46:25.809Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
11/3/2020 - 22:46:25.809Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
11/3/2020 - 22:46:25.950Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
11/3/2020 - 22:46:25.997Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
11/3/2020 - 22:46:25.997Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
11/3/2020 - 22:46:25.997Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
11/3/2020 - 22:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
11/3/2020 - 22:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
11/3/2020 - 22:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
11/3/2020 - 22:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
11/3/2020 - 22:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
11/3/2020 - 22:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
11/3/2020 - 22:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
11/3/2020 - 22:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
11/3/2020 - 22:46:26.184Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
11/3/2020 - 22:46:26.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
11/3/2020 - 22:46:26.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
11/3/2020 - 22:46:26.184Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
11/3/2020 - 22:46:26.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
11/3/2020 - 22:46:26.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
11/3/2020 - 22:46:26.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
11/3/2020 - 22:46:26.278Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
11/3/2020 - 22:46:26.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
11/3/2020 - 22:46:26.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
11/3/2020 - 22:46:26.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
11/3/2020 - 22:46:26.372Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
11/3/2020 - 22:46:26.465Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
11/3/2020 - 22:46:26.465Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
11/3/2020 - 22:46:26.465Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
11/3/2020 - 22:46:26.465Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
11/3/2020 - 22:46:26.559Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
11/3/2020 - 22:46:26.559Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
11/3/2020 - 22:46:26.559Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
11/3/2020 - 22:46:26.559Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
11/3/2020 - 22:46:26.653Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
11/3/2020 - 22:46:26.653Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
11/3/2020 - 22:46:26.653Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
11/3/2020 - 22:46:26.653Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\script.fon
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\script.fon
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\script.fon
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
11/3/2020 - 22:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
11/3/2020 - 22:46:26.840Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
11/3/2020 - 22:46:26.840Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
11/3/2020 - 22:46:26.840Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
11/3/2020 - 22:46:26.840Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
11/3/2020 - 22:46:26.981Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
11/3/2020 - 22:46:27.168Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
11/3/2020 - 22:46:27.168Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
11/3/2020 - 22:46:27.168Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
11/3/2020 - 22:46:27.262Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
11/3/2020 - 22:46:27.262Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
11/3/2020 - 22:46:27.262Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
11/3/2020 - 22:46:27.262Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
11/3/2020 - 22:46:27.356Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
11/3/2020 - 22:46:27.356Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
11/3/2020 - 22:46:27.356Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
11/3/2020 - 22:46:27.356Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
11/3/2020 - 22:46:27.450Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
11/3/2020 - 22:46:27.450Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
11/3/2020 - 22:46:27.450Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
11/3/2020 - 22:46:27.450Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
11/3/2020 - 22:46:27.590Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
11/3/2020 - 22:46:27.731Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
11/3/2020 - 22:46:27.731Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
11/3/2020 - 22:46:27.731Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
11/3/2020 - 22:46:27.872Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
11/3/2020 - 22:46:28.12Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
11/3/2020 - 22:46:28.12Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
11/3/2020 - 22:46:28.12Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
11/3/2020 - 22:46:28.106Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
11/3/2020 - 22:46:28.106Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
11/3/2020 - 22:46:28.106Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
11/3/2020 - 22:46:28.106Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
11/3/2020 - 22:46:28.200Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
11/3/2020 - 22:46:28.200Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
11/3/2020 - 22:46:28.200Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
11/3/2020 - 22:46:28.200Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
11/3/2020 - 22:46:28.293Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
11/3/2020 - 22:46:28.293Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
11/3/2020 - 22:46:28.293Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
11/3/2020 - 22:46:28.293Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
11/3/2020 - 22:46:28.387Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
11/3/2020 - 22:46:28.387Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
11/3/2020 - 22:46:28.387Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
11/3/2020 - 22:46:28.387Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
11/3/2020 - 22:46:28.481Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
11/3/2020 - 22:46:28.481Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
11/3/2020 - 22:46:28.481Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
11/3/2020 - 22:46:28.481Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
11/3/2020 - 22:46:28.575Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
11/3/2020 - 22:46:28.575Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
11/3/2020 - 22:46:28.575Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
11/3/2020 - 22:46:28.575Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
11/3/2020 - 22:46:28.668Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
11/3/2020 - 22:46:28.668Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
11/3/2020 - 22:46:28.668Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
11/3/2020 - 22:46:28.668Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
11/3/2020 - 22:46:28.762Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
11/3/2020 - 22:46:28.762Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
11/3/2020 - 22:46:28.762Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
11/3/2020 - 22:46:28.762Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
11/3/2020 - 22:46:28.856Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
11/3/2020 - 22:46:28.856Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
11/3/2020 - 22:46:28.856Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
11/3/2020 - 22:46:28.856Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
11/3/2020 - 22:46:28.950Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
11/3/2020 - 22:46:28.950Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
11/3/2020 - 22:46:28.950Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
11/3/2020 - 22:46:28.950Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
11/3/2020 - 22:46:29.43Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
11/3/2020 - 22:46:29.43Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
11/3/2020 - 22:46:29.43Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
11/3/2020 - 22:46:29.43Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
11/3/2020 - 22:46:29.137Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
11/3/2020 - 22:46:29.137Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
11/3/2020 - 22:46:29.137Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
11/3/2020 - 22:46:29.137Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
11/3/2020 - 22:46:29.418Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
11/3/2020 - 22:46:29.512Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
11/3/2020 - 22:46:29.512Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
11/3/2020 - 22:46:29.512Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
11/3/2020 - 22:46:29.793Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
11/3/2020 - 22:46:29.887Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
11/3/2020 - 22:46:29.887Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
11/3/2020 - 22:46:29.887Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
11/3/2020 - 22:46:30.168Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
11/3/2020 - 22:46:30.262Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
11/3/2020 - 22:46:30.262Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
11/3/2020 - 22:46:30.262Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
11/3/2020 - 22:46:30.356Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
11/3/2020 - 22:46:30.356Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
11/3/2020 - 22:46:30.356Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
11/3/2020 - 22:46:30.356Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
11/3/2020 - 22:46:30.450Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
11/3/2020 - 22:46:30.450Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
11/3/2020 - 22:46:30.450Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
11/3/2020 - 22:46:30.450Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
11/3/2020 - 22:46:30.543Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
11/3/2020 - 22:46:30.543Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
11/3/2020 - 22:46:30.543Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
11/3/2020 - 22:46:30.543Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
11/3/2020 - 22:46:30.637Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
11/3/2020 - 22:46:30.637Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
11/3/2020 - 22:46:30.637Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
11/3/2020 - 22:46:30.637Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
11/3/2020 - 22:46:30.731Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
11/3/2020 - 22:46:30.731Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
11/3/2020 - 22:46:30.731Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
11/3/2020 - 22:46:30.731Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
11/3/2020 - 22:46:30.825Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
11/3/2020 - 22:46:30.825Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
11/3/2020 - 22:46:30.825Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
11/3/2020 - 22:46:30.825Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
11/3/2020 - 22:46:30.918Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
11/3/2020 - 22:46:30.918Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
11/3/2020 - 22:46:30.918Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
11/3/2020 - 22:46:30.918Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
11/3/2020 - 22:46:31.12Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
11/3/2020 - 22:46:31.12Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
11/3/2020 - 22:46:31.12Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
11/3/2020 - 22:46:31.12Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
11/3/2020 - 22:46:31.106Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
11/3/2020 - 22:46:31.106Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
11/3/2020 - 22:46:31.106Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
11/3/2020 - 22:46:31.106Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
11/3/2020 - 22:46:31.200Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
11/3/2020 - 22:46:31.200Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
11/3/2020 - 22:46:31.200Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
11/3/2020 - 22:46:31.200Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
11/3/2020 - 22:46:31.293Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
11/3/2020 - 22:46:31.293Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
11/3/2020 - 22:46:31.293Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
11/3/2020 - 22:46:31.293Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
11/3/2020 - 22:46:31.387Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
11/3/2020 - 22:46:31.387Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/3/2020 - 22:46:31.387Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/3/2020 - 22:46:31.387Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/3/2020 - 22:46:31.481Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
11/3/2020 - 22:46:31.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/3/2020 - 22:46:31.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/3/2020 - 22:46:31.481Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/3/2020 - 22:46:31.575Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
11/3/2020 - 22:46:31.575Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/3/2020 - 22:46:31.575Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/3/2020 - 22:46:31.575Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/3/2020 - 22:46:31.668Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
11/3/2020 - 22:46:31.668Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/3/2020 - 22:46:31.668Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/3/2020 - 22:46:31.668Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/3/2020 - 22:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
11/3/2020 - 22:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/3/2020 - 22:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/3/2020 - 22:46:31.762Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/3/2020 - 22:46:31.856Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
11/3/2020 - 22:46:31.856Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/3/2020 - 22:46:31.856Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/3/2020 - 22:46:31.856Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/3/2020 - 22:46:31.950Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
11/3/2020 - 22:46:31.950Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/3/2020 - 22:46:31.950Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/3/2020 - 22:46:31.950Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/3/2020 - 22:46:32.43Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
11/3/2020 - 22:46:32.43Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/3/2020 - 22:46:32.43Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/3/2020 - 22:46:32.43Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/3/2020 - 22:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
11/3/2020 - 22:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/3/2020 - 22:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/3/2020 - 22:46:32.137Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/3/2020 - 22:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
11/3/2020 - 22:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/3/2020 - 22:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/3/2020 - 22:46:32.231Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/3/2020 - 22:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
11/3/2020 - 22:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/3/2020 - 22:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/3/2020 - 22:46:32.325Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/3/2020 - 22:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
11/3/2020 - 22:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/3/2020 - 22:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/3/2020 - 22:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/3/2020 - 22:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
11/3/2020 - 22:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/3/2020 - 22:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/3/2020 - 22:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/3/2020 - 22:46:32.637Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
11/3/2020 - 22:46:32.637Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/3/2020 - 22:46:32.637Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/3/2020 - 22:46:32.637Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/3/2020 - 22:46:32.731Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
11/3/2020 - 22:46:32.731Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/3/2020 - 22:46:32.731Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/3/2020 - 22:46:32.731Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/3/2020 - 22:46:32.825Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
11/3/2020 - 22:46:32.825Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/3/2020 - 22:46:32.825Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/3/2020 - 22:46:32.825Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/3/2020 - 22:46:32.918Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
11/3/2020 - 22:46:32.918Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/3/2020 - 22:46:32.918Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/3/2020 - 22:46:32.918Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/3/2020 - 22:46:33.12Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
11/3/2020 - 22:46:33.12Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/3/2020 - 22:46:33.12Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/3/2020 - 22:46:33.12Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/3/2020 - 22:46:33.106Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
11/3/2020 - 22:46:33.106Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/3/2020 - 22:46:33.106Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/3/2020 - 22:46:33.106Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/3/2020 - 22:46:33.200Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
11/3/2020 - 22:46:33.200Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/3/2020 - 22:46:33.200Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/3/2020 - 22:46:33.200Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/3/2020 - 22:46:33.293Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
11/3/2020 - 22:46:33.293Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/3/2020 - 22:46:33.293Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/3/2020 - 22:46:33.293Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/3/2020 - 22:46:33.387Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
11/3/2020 - 22:46:33.387Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/3/2020 - 22:46:33.387Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/3/2020 - 22:46:33.387Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/3/2020 - 22:46:33.481Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
11/3/2020 - 22:46:33.481Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/3/2020 - 22:46:33.481Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/3/2020 - 22:46:33.481Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/3/2020 - 22:46:33.575Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
11/3/2020 - 22:46:33.575Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/3/2020 - 22:46:33.575Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/3/2020 - 22:46:33.575Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/3/2020 - 22:46:33.668Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
11/3/2020 - 22:46:33.668Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/3/2020 - 22:46:33.668Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/3/2020 - 22:46:33.668Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/3/2020 - 22:46:33.762Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
11/3/2020 - 22:46:33.762Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/3/2020 - 22:46:33.762Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/3/2020 - 22:46:33.762Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/3/2020 - 22:46:33.856Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
11/3/2020 - 22:46:33.856Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/3/2020 - 22:46:33.856Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/3/2020 - 22:46:33.856Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/3/2020 - 22:46:33.950Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
11/3/2020 - 22:46:33.950Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/3/2020 - 22:46:33.950Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/3/2020 - 22:46:33.950Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/3/2020 - 22:46:34.43Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
11/3/2020 - 22:46:34.43Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/3/2020 - 22:46:34.43Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/3/2020 - 22:46:34.43Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/3/2020 - 22:46:34.137Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
11/3/2020 - 22:46:34.137Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/3/2020 - 22:46:34.137Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/3/2020 - 22:46:34.137Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/3/2020 - 22:46:34.231Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
11/3/2020 - 22:46:34.231Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/3/2020 - 22:46:34.231Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/3/2020 - 22:46:34.231Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/3/2020 - 22:46:34.325Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
11/3/2020 - 22:46:34.325Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/3/2020 - 22:46:34.325Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/3/2020 - 22:46:34.325Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/3/2020 - 22:46:34.418Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
11/3/2020 - 22:46:34.418Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/3/2020 - 22:46:34.418Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/3/2020 - 22:46:34.418Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/3/2020 - 22:46:34.700Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
11/3/2020 - 22:46:34.840Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/3/2020 - 22:46:34.840Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/3/2020 - 22:46:34.840Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/3/2020 - 22:46:34.981Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
11/3/2020 - 22:46:34.981Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/3/2020 - 22:46:34.981Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/3/2020 - 22:46:34.981Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/3/2020 - 22:46:34.981Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
11/3/2020 - 22:46:34.981Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/3/2020 - 22:46:34.981Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/3/2020 - 22:46:34.981Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/3/2020 - 22:46:35.28Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
11/3/2020 - 22:46:35.215Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/3/2020 - 22:46:35.215Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/3/2020 - 22:46:35.215Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/3/2020 - 22:46:35.356Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
11/3/2020 - 22:46:35.543Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/3/2020 - 22:46:35.543Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/3/2020 - 22:46:35.543Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/3/2020 - 22:46:35.684Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
11/3/2020 - 22:46:35.872Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/3/2020 - 22:46:35.872Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/3/2020 - 22:46:35.872Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/3/2020 - 22:46:36.12Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
11/3/2020 - 22:46:36.200Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 22:46:36.200Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 22:46:36.200Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 22:46:36.528Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 22:46:36.762Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
11/3/2020 - 22:46:37.43Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/3/2020 - 22:46:37.43Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/3/2020 - 22:46:37.43Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/3/2020 - 22:46:37.184Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
11/3/2020 - 22:46:37.418Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/3/2020 - 22:46:37.418Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/3/2020 - 22:46:37.418Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/3/2020 - 22:46:37.559Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
11/3/2020 - 22:46:37.887Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/3/2020 - 22:46:37.887Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/3/2020 - 22:46:37.887Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/3/2020 - 22:46:38.28Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
11/3/2020 - 22:46:38.262Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/3/2020 - 22:46:38.262Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/3/2020 - 22:46:38.262Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/3/2020 - 22:46:38.356Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
11/3/2020 - 22:46:38.356Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/3/2020 - 22:46:38.356Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/3/2020 - 22:46:38.356Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/3/2020 - 22:46:38.450Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
11/3/2020 - 22:46:38.450Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/3/2020 - 22:46:38.450Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/3/2020 - 22:46:38.450Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/3/2020 - 22:46:38.543Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
11/3/2020 - 22:46:38.543Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/3/2020 - 22:46:38.543Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/3/2020 - 22:46:38.543Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/3/2020 - 22:46:38.637Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
11/3/2020 - 22:46:38.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/3/2020 - 22:46:38.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/3/2020 - 22:46:38.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/3/2020 - 22:46:38.637Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
11/3/2020 - 22:46:38.637Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/3/2020 - 22:46:38.637Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/3/2020 - 22:46:38.637Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/3/2020 - 22:46:38.731Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
11/3/2020 - 22:46:38.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/3/2020 - 22:46:38.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/3/2020 - 22:46:38.731Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/3/2020 - 22:46:38.872Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
11/3/2020 - 22:46:38.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/3/2020 - 22:46:38.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/3/2020 - 22:46:38.918Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/3/2020 - 22:46:39.59Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
11/3/2020 - 22:46:39.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/3/2020 - 22:46:39.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/3/2020 - 22:46:39.106Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/3/2020 - 22:46:39.247Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
11/3/2020 - 22:46:39.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/3/2020 - 22:46:39.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/3/2020 - 22:46:39.293Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/3/2020 - 22:46:39.434Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
11/3/2020 - 22:46:39.481Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/3/2020 - 22:46:39.481Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/3/2020 - 22:46:39.481Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/3/2020 - 22:46:39.575Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
11/3/2020 - 22:46:39.668Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/3/2020 - 22:46:39.668Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/3/2020 - 22:46:39.668Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/3/2020 - 22:46:39.762Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
11/3/2020 - 22:46:39.856Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/3/2020 - 22:46:39.856Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/3/2020 - 22:46:39.856Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/3/2020 - 22:46:39.950Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
11/3/2020 - 22:46:40.43Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/3/2020 - 22:46:40.43Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/3/2020 - 22:46:40.43Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/3/2020 - 22:46:40.137Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
11/3/2020 - 22:46:40.231Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/3/2020 - 22:46:40.231Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/3/2020 - 22:46:40.231Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/3/2020 - 22:46:40.325Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
11/3/2020 - 22:46:40.372Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/3/2020 - 22:46:40.372Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/3/2020 - 22:46:40.372Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/3/2020 - 22:46:40.465Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
11/3/2020 - 22:46:40.512Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/3/2020 - 22:46:40.512Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/3/2020 - 22:46:40.512Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/3/2020 - 22:46:40.606Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
11/3/2020 - 22:46:40.653Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/3/2020 - 22:46:40.653Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/3/2020 - 22:46:40.653Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/3/2020 - 22:46:40.747Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
11/3/2020 - 22:46:40.793Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/3/2020 - 22:46:40.793Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/3/2020 - 22:46:40.793Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/3/2020 - 22:46:40.887Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
11/3/2020 - 22:46:40.887Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/3/2020 - 22:46:40.887Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/3/2020 - 22:46:40.887Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/3/2020 - 22:46:40.981Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
11/3/2020 - 22:46:40.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/3/2020 - 22:46:40.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/3/2020 - 22:46:40.981Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/3/2020 - 22:46:41.122Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
11/3/2020 - 22:46:42.715Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/3/2020 - 22:46:42.715Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/3/2020 - 22:46:42.715Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/3/2020 - 22:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
11/3/2020 - 22:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/3/2020 - 22:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/3/2020 - 22:46:42.809Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/3/2020 - 22:46:42.903Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
11/3/2020 - 22:46:42.903Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/3/2020 - 22:46:42.903Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/3/2020 - 22:46:42.903Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/3/2020 - 22:46:42.997Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
11/3/2020 - 22:46:42.997Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/3/2020 - 22:46:42.997Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/3/2020 - 22:46:42.997Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/3/2020 - 22:46:43.90Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
11/3/2020 - 22:46:43.90Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/3/2020 - 22:46:43.90Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/3/2020 - 22:46:43.90Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/3/2020 - 22:46:43.231Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
11/3/2020 - 22:46:43.231Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/3/2020 - 22:46:43.231Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/3/2020 - 22:46:43.231Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/3/2020 - 22:46:43.372Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
11/3/2020 - 22:46:43.372Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/3/2020 - 22:46:43.372Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/3/2020 - 22:46:43.372Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/3/2020 - 22:46:43.512Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
11/3/2020 - 22:46:43.512Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/3/2020 - 22:46:43.512Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/3/2020 - 22:46:43.512Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/3/2020 - 22:46:43.653Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
11/3/2020 - 22:46:43.653Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/3/2020 - 22:46:43.653Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/3/2020 - 22:46:43.653Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/3/2020 - 22:46:43.747Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
11/3/2020 - 22:46:43.747Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/3/2020 - 22:46:43.747Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/3/2020 - 22:46:43.747Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/3/2020 - 22:46:43.840Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
11/3/2020 - 22:46:43.840Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/3/2020 - 22:46:43.840Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/3/2020 - 22:46:43.840Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/3/2020 - 22:46:43.934Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
11/3/2020 - 22:46:43.934Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/3/2020 - 22:46:43.934Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/3/2020 - 22:46:43.934Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/3/2020 - 22:46:44.28Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
11/3/2020 - 22:46:44.28Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/3/2020 - 22:46:44.28Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/3/2020 - 22:46:44.28Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/3/2020 - 22:46:44.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
11/3/2020 - 22:46:44.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/3/2020 - 22:46:44.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/3/2020 - 22:46:44.122Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/3/2020 - 22:46:44.215Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
11/3/2020 - 22:46:44.215Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/3/2020 - 22:46:44.215Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/3/2020 - 22:46:44.215Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/3/2020 - 22:46:44.356Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
11/3/2020 - 22:46:44.356Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/3/2020 - 22:46:44.356Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/3/2020 - 22:46:44.356Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/3/2020 - 22:46:44.497Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
11/3/2020 - 22:46:44.497Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/3/2020 - 22:46:44.497Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/3/2020 - 22:46:44.497Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/3/2020 - 22:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
11/3/2020 - 22:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/3/2020 - 22:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/3/2020 - 22:46:44.637Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/3/2020 - 22:46:44.778Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
11/3/2020 - 22:46:44.778Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/3/2020 - 22:46:44.778Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/3/2020 - 22:46:44.778Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/3/2020 - 22:46:44.872Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/3/2020 - 22:46:44.872Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:44.872Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/3/2020 - 22:46:44.872Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:44.918Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:44.965Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:45.12Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
11/3/2020 - 22:46:45.12Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:45.59Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:45.106Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:45.153Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:45.200Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:45.247Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:45.293Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:45.340Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
11/3/2020 - 22:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/3/2020 - 22:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/3/2020 - 22:46:45.340Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/3/2020 - 22:46:45.481Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:45.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:45.856Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:45.856Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:45.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:45.856Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:45.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:45.997Open1480C:\malware.exeC:\dwmapi.dll
11/3/2020 - 22:46:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 22:46:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 22:46:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:46.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:46.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:46.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:46.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:46.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:46.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:46.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:46.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:46.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:46.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:46.606Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:46.653Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:46.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:46.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:46.793Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:46.793Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
11/3/2020 - 22:46:46.934Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
11/3/2020 - 22:46:47.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:47.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:47.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.497Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
11/3/2020 - 22:46:47.497Open1480C:\malware.exeC:\bcrypt.dll
11/3/2020 - 22:46:47.497Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
11/3/2020 - 22:46:47.497Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\CRYPTSP.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:47.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:47.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:48.387Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.637Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.637Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.637Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.637Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.637Open1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.637Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 22:46:48.637Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 22:46:48.637Unknown1480C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.637Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.637Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.684Open1480C:\malware.exeC:\ntdll.dll
11/3/2020 - 22:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
11/3/2020 - 22:46:48.684Read2820C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
11/3/2020 - 22:46:48.684Open2820C:\malware.exe\Device\HarddiskVolume2
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Monitor
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Monitor
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Monitor
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\Favorites
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\Favorites
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\Favorites
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Windows
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Windows\assembly
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Windows\assembly\GAC_32
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_32
11/3/2020 - 22:46:48.684Read2820C:\malware.exeC:\Windows\assembly\GAC_32
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_32
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL
11/3/2020 - 22:46:48.684Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.684Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
11/3/2020 - 22:46:48.684Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
11/3/2020 - 22:46:48.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\Globalization
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Globalization
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Globalization
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\Globalization\Sorting
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Globalization\Sorting
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Globalization\Sorting
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\Microsoft.NET
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Microsoft.NET
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Microsoft.NET
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32\wow64.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32\wow64.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32\user32.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32\user32.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32\apisetschema.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32\locale.nls
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32\locale.nls
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\System32\mctres.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\System32\mctres.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\profapi.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\profapi.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
11/3/2020 - 22:46:48.700Unknown2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
11/3/2020 - 22:46:48.700Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[2].XML
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\System32\mctres.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\System32\locale.nls
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[2].XML
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\System32\mctres.dll
11/3/2020 - 22:46:48.715Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\System32\wow64.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\System32\user32.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\profapi.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exe\Device\HarddiskVolume2
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\System32\wow64.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\System32\wow64.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows
11/3/2020 - 22:46:48.715Unknown2820C:\malware.exeC:\Windows
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Monitor
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 22:46:48.715Open2820C:\malware.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\malware.exe.config
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11/3/2020 - 22:46:48.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\Windows
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.731Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/3/2020 - 22:46:48.731Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.731Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.731Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.731Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.731Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\malware.exe.config
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
11/3/2020 - 22:46:48.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
11/3/2020 - 22:46:48.731Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
11/3/2020 - 22:46:48.747Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1115421
11/3/2020 - 22:46:48.747Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1115421
11/3/2020 - 22:46:48.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1115421
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\Users\Behemot
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Monitor
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\Monitor
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.747Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 22:46:48.747Open2820C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\malware.config
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Monitor\Malware
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\pubpol4.dat
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/3/2020 - 22:46:48.825Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.825Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.825Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.825Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.825Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.825Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:48.825Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\VERSION.dll
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:48.840Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:48.840Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\Globalization\pt-br.nlp
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dll
11/3/2020 - 22:46:48.840Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dll
11/3/2020 - 22:46:48.840Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dllSystem.Runtime.Remoting.ni.dll
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:48.840Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
11/3/2020 - 22:46:48.840Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/3/2020 - 22:46:48.840Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:48.856Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:48.903Open1480C:\malware.exeC:\RpcRtRemote.dll
11/3/2020 - 22:46:48.903Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/3/2020 - 22:46:48.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/3/2020 - 22:46:48.903Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/3/2020 - 22:46:48.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/3/2020 - 22:46:48.903Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:48.950Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:48.950Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.950Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:48.997Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:48.997Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:49.43Unknown1480C:\malware.exeC:\Windows
11/3/2020 - 22:46:49.43Unknown1480C:\malware.exeC:\Monitor
11/3/2020 - 22:46:49.43Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:49.43Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:49.43Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/3/2020 - 22:46:49.43Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:49.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:49.137Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:49.184Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:49.231Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/3/2020 - 22:46:49.278Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
11/3/2020 - 22:46:49.278Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\tahoma.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.278Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\malgun.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\micross.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\segoeui.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\msjh.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\msyh.ttf
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\dwmapi.dll
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\Fonts\StaticCache.dat
11/3/2020 - 22:46:49.293Read2820C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
11/3/2020 - 22:46:49.293Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.293Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.293Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
11/3/2020 - 22:46:49.293Open2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
11/3/2020 - 22:46:49.293Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\malware.config
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\pt-BR\SkUpdate.resources.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\pt-BR\SkUpdate.resources\SkUpdate.resources.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\pt-BR\SkUpdate.resources.exe
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\pt-BR\SkUpdate.resources\SkUpdate.resources.exe
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:49.309Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:49.309Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:49.309Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\Windows\Globalization\pt.nlp
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\pt\SkUpdate.resources.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\pt\SkUpdate.resources\SkUpdate.resources.dll
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\pt\SkUpdate.resources.exe
11/3/2020 - 22:46:49.309Open2820C:\malware.exeC:\pt\SkUpdate.resources\SkUpdate.resources.exe
11/3/2020 - 22:46:49.309Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:49.325Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 22:46:49.325Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 22:46:49.325Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 22:46:49.325Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:49.325Open2820C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:49.325Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.325Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
11/3/2020 - 22:46:49.325Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.325Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.325Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.340Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:49.340Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:49.340Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
11/3/2020 - 22:46:49.340Unknown2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Open2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.403Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.450Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.497Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.543Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.590Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.637Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.731Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:49.778Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
11/3/2020 - 22:46:49.778Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.825Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.872Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.918Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:49.965Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.12Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.59Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.106Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:50.153Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/3/2020 - 22:46:50.153Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.153Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/3/2020 - 22:46:50.153Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.153Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/3/2020 - 22:46:50.153Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.200Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.247Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.293Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.340Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.434Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.434Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.481Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/3/2020 - 22:46:50.528Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.528Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.528Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.528Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.528Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.528Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.528Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.528Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/3/2020 - 22:46:50.528Open2820C:\malware.exeC:\malware.config
11/3/2020 - 22:46:50.528Open2820C:\malware.exeC:\malware.config
11/3/2020 - 22:46:50.528Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:50.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:50.622Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:50.668Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:50.715Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:50.762Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:50.809Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:50.856Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:50.903Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\WindowsUpdate.exe
11/3/2020 - 22:46:50.903Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:50.950Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:50.997Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:51.43Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:51.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:51.137Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:51.184Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:51.231Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:51.278Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:51.325Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
11/3/2020 - 22:46:51.325Open2820C:\malware.exeC:\rasapi32.dll
11/3/2020 - 22:46:51.325Open2820C:\malware.exeC:\Windows\SysWOW64\rasapi32.dll
11/3/2020 - 22:46:51.325Open2820C:\malware.exeC:\Windows\SysWOW64\rasapi32.dll
11/3/2020 - 22:46:51.606Open2820C:\malware.exeC:\rasman.dll
11/3/2020 - 22:46:51.606Open2820C:\malware.exeC:\Windows\SysWOW64\rasman.dll
11/3/2020 - 22:46:51.606Open2820C:\malware.exeC:\Windows\SysWOW64\rasman.dll
11/3/2020 - 22:46:51.981Open2820C:\malware.exeC:\rtutils.dll
11/3/2020 - 22:46:51.981Open2820C:\malware.exeC:\Windows\SysWOW64\rtutils.dll
11/3/2020 - 22:46:52.28Open2820C:\malware.exeC:\Windows\SysWOW64\rtutils.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\wship6.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\wship6.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\tzres.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\tzres.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\tzres.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\tzres.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.356Open2820C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
11/3/2020 - 22:46:52.356Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\Globalization\en-us.nlp
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:52.372Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 22:46:52.372Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:52.372Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 22:46:52.372Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
11/3/2020 - 22:46:52.372Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.372Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\winhttp.dll
11/3/2020 - 22:46:52.372Open2820C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\webio.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\webio.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\webio.dll
11/3/2020 - 22:46:52.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\cryptsp.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\credssp.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\credssp.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\credssp.dll
11/3/2020 - 22:46:52.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\IPHLPAPI.DLL
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\WINNSI.DLL
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\dhcpcsvc6.DLL
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
11/3/2020 - 22:46:52.387Unknown2820C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
11/3/2020 - 22:46:52.387Open2820C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
11/3/2020 - 22:46:52.387Unknown2820C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
11/3/2020 - 22:46:52.434Open2820C:\malware.exeC:\dhcpcsvc.DLL
11/3/2020 - 22:46:52.434Open2820C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
11/3/2020 - 22:46:52.434Open2820C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
11/3/2020 - 22:46:52.528Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.528Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.622Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\CRYPTSP.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\RpcRtRemote.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/3/2020 - 22:46:52.762Unknown2820C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/3/2020 - 22:46:52.762Open2820C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/3/2020 - 22:46:52.762Unknown2820C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/3/2020 - 22:46:52.809Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.809Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.809Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.809Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.809Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
11/3/2020 - 22:46:52.809Open2820C:\malware.exeC:\DNSAPI.dll
11/3/2020 - 22:46:52.809Open2820C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
11/3/2020 - 22:46:52.809Open2820C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
11/3/2020 - 22:46:52.950Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.950Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.950Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.950Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.950Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:52.997Open2820C:\malware.exeC:\rasadhlp.dll
11/3/2020 - 22:46:52.997Open2820C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
11/3/2020 - 22:46:52.997Open2820C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
11/3/2020 - 22:46:53.840Open2820C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
11/3/2020 - 22:46:53.840Open2820C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
11/3/2020 - 22:46:53.981Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:54.90Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.106Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.106Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.106Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.106Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\security.dll
11/3/2020 - 22:46:54.106Open2820C:\malware.exeC:\security.dll
11/3/2020 - 22:46:54.106Open2820C:\malware.exeC:\Windows\SysWOW64\security.dll
11/3/2020 - 22:46:54.106Open2820C:\malware.exeC:\Windows\SysWOW64\security.dll
11/3/2020 - 22:46:54.106Open2820C:\malware.exeC:\SECUR32.DLL
11/3/2020 - 22:46:54.106Open2820C:\malware.exeC:\Windows\SysWOW64\secur32.dll
11/3/2020 - 22:46:54.106Open2820C:\malware.exeC:\Windows\SysWOW64\secur32.dll
11/3/2020 - 22:46:54.106Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.106Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.106Open2820C:\malware.exeC:\Windows\SysWOW64\schannel.dll
11/3/2020 - 22:46:54.106Open2820C:\malware.exeC:\Windows\SysWOW64\schannel.dll
11/3/2020 - 22:46:54.106Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.122Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.122Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.122Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.231Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.231Open2820C:\malware.exeC:\Windows\assembly\GAC_32\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.231Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.231Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.231Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
11/3/2020 - 22:46:54.231Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.231Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
11/3/2020 - 22:46:54.231Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.231Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.231Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.247Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.247Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.247Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.247Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.247Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
11/3/2020 - 22:46:54.247Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
11/3/2020 - 22:46:54.247Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.247Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
11/3/2020 - 22:46:54.247Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.247Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.247Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.247Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.247Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.247Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.247Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.262Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.262Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.262Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.262Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.262Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.278Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:54.278Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.278Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.278Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.278Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:54.278Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\WindowsUpdate.exeWindowsUpdate.exe
11/3/2020 - 22:46:54.559Open2820C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\WindowsUpdate.exe
11/3/2020 - 22:46:54.559Open2820C:\malware.exeC:\Monitor\Files\DeletedFiles\WindowsUpdate.exe
11/3/2020 - 22:46:54.559Unknown2820C:\malware.exeC:\Monitor\Files\DeletedFiles\WindowsUpdate.exeWindowsUpdate.exe
11/3/2020 - 22:46:54.559Delete2820C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\WindowsUpdate.exeWindowsUpdate.exe
11/3/2020 - 22:46:54.559Unknown2820C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\WindowsUpdate.exeWindowsUpdate.exe
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.559Open2820C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.559Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.559Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.559Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.559Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.559Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.559Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.559Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.559Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\Windows\assembly\GAC\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\pt\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\pt\System.Windows.Forms.resources.exe
11/3/2020 - 22:46:54.575Open2820C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.exe
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.622Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.668Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
11/3/2020 - 22:46:54.668Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
11/3/2020 - 22:46:54.668Unknown2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Open2820C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:46:54.668Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:54.668Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:54.668Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/3/2020 - 22:46:54.668Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\symbols\dll\System.pdb
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\dll\System.pdb
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\System.pdb
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\symbols\dll\mscorlib.pdb
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\dll\mscorlib.pdb
11/3/2020 - 22:46:54.684Open2820C:\malware.exeC:\Windows\mscorlib.pdb
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.684Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.731Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.778Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:54.825Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:54.872Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/3/2020 - 22:46:54.918Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:54.965Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:55.12Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.59Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.106Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.153Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.200Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.247Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.293Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.340Open2820C:\malware.exeC:\malware.PDB
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\symbols\dll\System.Windows.Forms.pdb
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\dll\System.Windows.Forms.pdb
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\System.Windows.Forms.pdb
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:55.387Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\malware.exe
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
11/3/2020 - 22:46:55.387Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:55.387Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllSystem.Drawing.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dllSystem.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dllSystem.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dllSystem.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dllSystem.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dllSystem.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dllSystem.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dllSystem.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dllSystem.Runtime.Remoting.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dllSystem.configuration.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
11/3/2020 - 22:46:55.403Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
11/3/2020 - 22:46:55.403Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
11/3/2020 - 22:46:55.403Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
11/3/2020 - 22:46:55.418Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dllSystem.XML.dll
11/3/2020 - 22:46:55.418Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.418Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.418Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.418Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.418Open2820C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
11/3/2020 - 22:46:55.418Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
11/3/2020 - 22:46:55.418Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:55.418Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
11/3/2020 - 22:46:55.418Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:55.418Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:55.465Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
11/3/2020 - 22:46:55.465Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
11/3/2020 - 22:46:55.465Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:55.465Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:55.465Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:55.465Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:55.465Read2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:55.512Open2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
11/3/2020 - 22:46:55.512Unknown2820C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
11/3/2020 - 22:46:55.512Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.559Open2820C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:46:55.559Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 22:46:55.559Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 22:46:55.559Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 22:46:55.559Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 22:46:55.559Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 22:46:55.559Open2820C:\malware.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 22:46:55.559Unknown2820C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.559Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\WindowsCodecs.dll
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
11/3/2020 - 22:46:55.575Unknown2820C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
11/3/2020 - 22:46:55.575Unknown2820C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll.Config
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\malware.exe.Local
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 22:46:55.575Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 22:46:55.575Open2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 22:46:55.575Unknown2820C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 22:46:55.637Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.731Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.778Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/3/2020 - 22:46:55.825Read2820C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll

Process
Trace
11/3/2020 - 22:46:48.637Create1480C:\malware.exe2820C:\malware.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
11/3/2020 - 22:46:0.28Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath
11/3/2020 - 22:46:52.309Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32EnableFileTracing
11/3/2020 - 22:46:52.309Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32EnableConsoleTracing
11/3/2020 - 22:46:52.309Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32FileTracingMask
11/3/2020 - 22:46:52.309Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32ConsoleTracingMask
11/3/2020 - 22:46:52.309Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32MaxFileSize
11/3/2020 - 22:46:52.309Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32FileDirectory
11/3/2020 - 22:46:52.372Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSEnableFileTracing
11/3/2020 - 22:46:52.372Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSEnableConsoleTracing
11/3/2020 - 22:46:52.372Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSFileTracingMask
11/3/2020 - 22:46:52.372Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSConsoleTracingMask
11/3/2020 - 22:46:52.372Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSMaxFileSize
11/3/2020 - 22:46:52.372Write2820C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSFileDirectory

File Summary
Created
Identified: False cancel

Deleted
Identified: True check_circle

Process Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

DNS
Query
computer localhost arrow_forward computer gateway:50273 code secure75.securewebsession.com.
computer localhost arrow_forward computer gateway:DNS code secure75.securewebsession.com.

Response
computer gateway:DNS arrow_forward computer localhost code secure75.securewebsession.com. reply_all 69.49.115.38


TCP
Info
computer localhost:65191 arrow_forward 69.49.115.38:443
69.49.115.38:443 arrow_forward computer localhost:65191
computer localhost:65192 arrow_forward 69.49.115.38:443
69.49.115.38:443 arrow_forward computer localhost:65192

UDP
Info
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info

Summary
DNS
True check_circle

TCP
True check_circle

UDP
True check_circle

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 76.23%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.62%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 57.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 74.95%
suspicious: False cancel

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True check_circle